]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 48b1e82)
Standardize log file create mode to 0640 4589/head
authorRandy Syring <randy@syrings.us>
Fri, 3 Oct 2025 19:17:50 +0000 (15:17 -0400)
committerRandy Syring <randy@syrings.us>
Fri, 3 Oct 2025 19:17:50 +0000 (15:17 -0400)
refs: https://github.com/lxc/lxc/issues/4588
Signed-off-by: Randy Syring <randy@syrings.us>
src/lxc/log.c patch | blob | blame | history
src/lxc/terminal.c patch | blob | blame | history
src/lxc/tools/lxc_attach.c patch | blob | blame | history

diff --git a/src/lxc/log.c b/src/lxc/log.c
index 206f0227f5812ef80ee10f6f3234411b07b57e2b..7f43e6d6f8e5bc6a6c1097a45c86348c00b6718d 100644 (file)
--- a/src/lxc/log.c
+++ b/src/lxc/log.c
@@ -525,10 +525,10 @@ static int log_open(const char *name)
        __do_close int fd = -EBADF;
 
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-       fd = lxc_unpriv(open(name, O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC, 0660));
+       fd = lxc_unpriv(open(name, O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC, 0640));
 #else
        if (!RUN_ON_OSS_FUZZ && is_in_comm("fuzz-lxc-") <= 0)
-               fd = lxc_unpriv(open(name, O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC, 0660));
+               fd = lxc_unpriv(open(name, O_CREAT | O_WRONLY | O_APPEND | O_CLOEXEC, 0640));
 #endif /* !FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
        if (fd < 0)
                return log_error_errno(-errno, errno, "Failed to open log file \"%s\"", name);
diff --git a/src/lxc/terminal.c b/src/lxc/terminal.c
index d94089d6b80aebd782c00eed37b45427ddac2a99..86fe785b6cb71c5640c55a0d603b5ac74d74b17a 100644 (file)
--- a/src/lxc/terminal.c
+++ b/src/lxc/terminal.c
@@ -869,7 +869,7 @@ int lxc_terminal_create_log_file(struct lxc_terminal *terminal)
        if (!terminal->log_path)
                return 0;
 
-       terminal->log_fd = lxc_unpriv(open(terminal->log_path, O_CLOEXEC | O_RDWR | O_CREAT | O_APPEND, 0600));
+       terminal->log_fd = lxc_unpriv(open(terminal->log_path, O_CLOEXEC | O_RDWR | O_CREAT | O_APPEND, 0640));
        if (terminal->log_fd < 0) {
                SYSERROR("Failed to open terminal log file \"%s\"", terminal->log_path);
                return -1;
diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
index d63c962d087b6e9555f6f793815519c025b46eb8..4d85541179fff12ca99c849a15f31880cb93ff8e 100644 (file)
--- a/src/lxc/tools/lxc_attach.c
+++ b/src/lxc/tools/lxc_attach.c
@@ -308,7 +308,7 @@ static int lxc_attach_create_log_file(const char *log_file)
 {
        int fd;
 
-       fd = open(log_file, O_CLOEXEC | O_RDWR | O_CREAT | O_APPEND, 0600);
+       fd = open(log_file, O_CLOEXEC | O_RDWR | O_CREAT | O_APPEND, 0640);
        if (fd < 0) {
                ERROR("Failed to open log file \"%s\"", log_file);
                return -1;
Mirror of https://github.com/lxc/lxc.git