From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:700:3204::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id UJlfG90bgmVwvQAAkFu2QA (envelope-from ) for ; Tue, 19 Dec 2023 23:40:29 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id WIM7Ft0bgmXh1AAAe85BDQ (envelope-from ) for ; Tue, 19 Dec 2023 23:40:29 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=orKYDpl+; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1703025629; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-to: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=c8CKXnII4+SXXBrCZLKyX1QUyvcZxH/IkIjju8NpqQY=; b=dKjkbNCQQb0VrAK3AQI2pZtm+Xia9y9Zf2AXGRAtG61qRVmj8klafyHquuZfdD5c+kN0Kk qs0mJwDPSFxUHGW7sQdQ1+gldwVdus2CdoSyEzNR0kz82reCEczxbgrQRWj9xM9Omt9DVy om8YjJvPKal3OP1c3X5UImZajglrTjmKLsOlcOvEl4i5nuYWDnjm+fIqfQ4Yqw7cmgTLDh FsrIJMMOBB4kRXu7BrdUADj9Hv8ExgauHgtjiLC0Gw7QR9o6+a0xmMvw/g/9d+6AFnuuQj Q5IVkJHk1QF8hz8Wh1GAOF63dQZlBj2ETuw1E+kgR8a6qAe5RO4FbvPn71qCYw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1703025629; a=rsa-sha256; cv=none; b=uJ1wRTyWHe2/JVR+WgauUGrv7+VW8gigiE+kDnZJf/g7+b9tGRHGMbDOExj6m1CFnhyNbu 7JfHmnUEc4ayvMl/rXxV1+t29VfyJOEdyFJIJ8ZESYe+43oG9a4ojK68Py/jwPx9CwD6yC riaRbRlc9tvbtWBJdKjmHFtj8FGPXnJPma4nIBvZkHIwg8esFnge8pyUxCyLgAQ72yhf6x uT3TwzkvQEgwmR74WC4DqeobPnM80kQEIXTQ7rEIXqXpvEkfWk0aGgZUXkzhBKGbPa18Rt Q9Eq2zKTmK70sY00+b5JeVx46uahmZ3dBrGDsY0ryv+qSx5Cr6pDfcjtksTt+w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=orKYDpl+; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id E3F8265091 for ; Tue, 19 Dec 2023 23:40:28 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rFikt-0006vi-Cs; Tue, 19 Dec 2023 17:40:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rFikq-0006tp-Uq for guix-patches@gnu.org; Tue, 19 Dec 2023 17:40:00 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rFikp-0004la-Vl for guix-patches@gnu.org; Tue, 19 Dec 2023 17:40:00 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rFiks-0006EI-Gx for guix-patches@gnu.org; Tue, 19 Dec 2023 17:40:02 -0500 Subject: bug#67867: [PATCH shepherd] service: fix ownership+permissions on Unix sockets Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-To: guix-patches@gnu.org Resent-Date: Tue, 19 Dec 2023 22:40:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: cc-closed 67867 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ulrich Baum Cc: 67867-done@debbugs.gnu.org Mail-Followup-To: 67867@debbugs.gnu.org, ludo@gnu.org, ulrich.baum@ubaum.de Received: via spool by 67867-done@debbugs.gnu.org id=D67867.170302555123882 (code D ref 67867); Tue, 19 Dec 2023 22:40:02 +0000 Received: (at 67867-done) by debbugs.gnu.org; 19 Dec 2023 22:39:11 +0000 Received: from localhost ([127.0.0.1]:37797 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rFik3-0006D8-I0 for submit@debbugs.gnu.org; Tue, 19 Dec 2023 17:39:11 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:56224) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rFik1-0006Ct-5H for 67867-done@debbugs.gnu.org; Tue, 19 Dec 2023 17:39:10 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rFijs-0004gN-Fd; Tue, 19 Dec 2023 17:39:00 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=c8CKXnII4+SXXBrCZLKyX1QUyvcZxH/IkIjju8NpqQY=; b=orKYDpl+uqt1qSqNHG3D EDKtP4fjLkpyPIgvwa+AUlf4gRkaGiuy0AJAjWvRzGNB/1VF4mO01Z4GsIEp3OlLxx31eBkdk5mJn s6cnYCw/sQVe2npYjpISG05iAHMWOVQBgwlzekNA2q6cSIzJlwX9uYNBuy/Izv956lX24EjmCa/Ij C21fD0EwLUm4O0sV23ORJ5soBg2Vh1BlLSvb0g2ABkICC0urvQeo+g7hDuf+BVpkwdXvMOfrHXT9R v44UnMmfHpcOTjm4quZGB1PwGpSDWl3CqqGQapRXep3hlXwvmbzzjvy9j1zsF4EhiURESaelHjWgA HFVekSR0l7x0sg==; From: Ludovic =?UTF-8?Q?Court=C3=A8s?= In-Reply-To: <656849315.83800.1702820292582@office.mailbox.org> (Ulrich Baum's message of "Sun, 17 Dec 2023 14:38:12 +0100 (CET)") References: <656849315.83800.1702820292582@office.mailbox.org> Date: Tue, 19 Dec 2023 23:38:57 +0100 Message-ID: <87a5q5izr2.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -6.92 X-Spam-Score: -6.92 X-Migadu-Queue-Id: E3F8265091 X-Migadu-Scanner: mx12.migadu.com X-TUID: H6wh9Dc2J0Wj Hi Ulrich, Ulrich Baum skribis: > Previously, ownership and permissions of AF_UNIX sockets created by > make-inetd-constructor and make-systemd-constructor were not set, > leaving the socket with root:root and 755 permissions. > > modules/shepherd/service.scm (endpoint->listening-socket): fix chown and > chmod calls [...] > (when (=3D AF_UNIX (sockaddr:fam address)) > - (chown sock owner group) > - (chmod sock #o666)) > + (chown (sockaddr:path address) owner group) > + (chmod (sockaddr:path address) #o666)) Good catch! I was surprised that fchown(2) and fchmod(2) silently did nothing, but that=E2=80=99s how it is. Pushed together with a test, which allowed me to find a related bug (more serious, because it=E2=80=99s about permissions on the socket=E2=80= =99s directory): 9dfeb4e support: =E2=80=98mkdir-p=E2=80=99 sets permissions when director= y already exists. f5b7411 service: Really set ownership and permissions on Unix sockets. (BTW, I have just renamed =E2=80=98master=E2=80=99 to =E2=80=98main=E2=80= =99, but =E2=80=98master=E2=80=99 hasn=E2=80=99t been deleted yet from the server; make sure to pick =E2=80=98main=E2=80=99 and a= djust your Git config.) Thanks, Ludo=E2=80=99.