From: Arvin Schnell Date: Tue, 1 Oct 2013 13:47:50 +0000 (+0200) Subject: - restrict permissions on .snapshots subvolume (bnc#843219) X-Git-Tag: v0.1.7~5 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=dc33c4d9fa6bbad819d6aa88559ccca7db96c08e;p=thirdparty%2Fsnapper.git - restrict permissions on .snapshots subvolume (bnc#843219) --- diff --git a/package/snapper.changes b/package/snapper.changes index 23606c2b..7890c182 100644 --- a/package/snapper.changes +++ b/package/snapper.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Oct 01 15:46:19 CEST 2013 - aschnell@suse.de + +- restrict permissions on .snapshots subvolume (bnc#843219) + ------------------------------------------------------------------- Mon Sep 30 14:20:22 CEST 2013 - aschnell@suse.de diff --git a/snapper/Btrfs.cc b/snapper/Btrfs.cc index 49cd0bac..57f11782 100644 --- a/snapper/Btrfs.cc +++ b/snapper/Btrfs.cc @@ -107,6 +107,11 @@ namespace snapper y2err("create subvolume failed errno:" << errno << " (" << stringerror(errno) << ")"); throw CreateConfigFailedException("creating btrfs snapshot failed"); } + + SFile x(subvolume_dir, ".snapshots"); + struct stat stat; + if (x.stat(&stat, 0) == 0) + x.chmod(stat.st_mode & ~0027, 0); } diff --git a/snapper/FileUtils.cc b/snapper/FileUtils.cc index f693ede5..3777ad64 100644 --- a/snapper/FileUtils.cc +++ b/snapper/FileUtils.cc @@ -588,6 +588,13 @@ namespace snapper } + int + SFile::chmod(mode_t mode, int flags) const + { + return dir.chmod(name, mode, flags); + } + + bool SFile::xaSupported() const { diff --git a/snapper/FileUtils.h b/snapper/FileUtils.h index bccf31b0..e3d54508 100644 --- a/snapper/FileUtils.h +++ b/snapper/FileUtils.h @@ -126,6 +126,7 @@ namespace snapper int stat(struct stat* buf, int flags) const; int open(int flags) const; int readlink(string& buf) const; + int chmod(mode_t mode, int flags) const; bool xaSupported() const;