services: urandom-seed: Set umask to 077 while shutting down.

* gnu/services/base.scm (urandom-seed-shepherd-service): Call 'umask'.
author: Leo Famulari <leo@famulari.name> 2016-05-29 11:13:59 -0400
committer: Leo Famulari <leo@famulari.name> 2016-05-31 00:03:10 -0400
commit: 8fe5d95e6653a8ca2f40048b71bb596c80bb264f (patch)
tree: a44778d0e26e752e7b8494c1cea9334a026174d2
parent: df2dd07b880432a0205dd399fede6dee5b9af76b (diff)
download: guix-8fe5d95e6653a8ca2f40048b71bb596c80bb264f.tar.gz
1 files changed, 6 insertions, 4 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index a45f219643..b8e4741739 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -460,10 +460,12 @@ stopped before 'kill' is called."
                    (let ((buf (make-bytevector 512)))
                      (call-with-input-file "/dev/urandom"
                        (lambda (urandom)
-                         (get-bytevector-n! urandom buf 0 512)
-                         (call-with-output-file #$%random-seed-file
-                           (lambda (seed)
-                             (put-bytevector seed buf)))
+                         (let ((previous-umask (umask #o077)))
+                           (get-bytevector-n! urandom buf 0 512)
+                           (call-with-output-file #$%random-seed-file
+                             (lambda (seed)
+                               (put-bytevector seed buf)))
+                           (umask previous-umask))
                          #t)))))
          (modules `((rnrs bytevectors)
                     (rnrs io ports)
author	Leo Famulari <leo@famulari.name>	2016-05-29 11:13:59 -0400
committer	Leo Famulari <leo@famulari.name>	2016-05-31 00:03:10 -0400
commit	8fe5d95e6653a8ca2f40048b71bb596c80bb264f (patch)
tree	a44778d0e26e752e7b8494c1cea9334a026174d2
parent	df2dd07b880432a0205dd399fede6dee5b9af76b (diff)
download	guix-8fe5d95e6653a8ca2f40048b71bb596c80bb264f.tar.gz