From d7113bb655ff80a868a9e624c913f9d23e6c63ad Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 6 Apr 2020 23:50:27 +0200 Subject: services: syslog: Create log files as non-world-readable. Partly fixes . Reported by Diego Nicola Barbato . * gnu/services/base.scm (syslog-service-type): Change 'start' method to set umask to #o137 before spawning syslogd. * gnu/tests/base.scm (run-basic-test)["/var/log/messages is not world-readable"]: New test. --- gnu/tests/base.scm | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'gnu/tests') diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm index 37b83dc7ec..fe63cecbd0 100644 --- a/gnu/tests/base.scm +++ b/gnu/tests/base.scm @@ -195,6 +195,14 @@ info --version") (pk 'services services) '(root #$@(operating-system-shepherd-service-names os))))) + (test-equal "/var/log/messages is not world-readable" + #o640 ; + (begin + (wait-for-file "/var/log/messages" marionette + #:read 'get-u8) + (marionette-eval '(stat:perms (lstat "/var/log/messages")) + marionette))) + (test-assert "homes" (let ((homes '#$(map user-account-home-directory -- cgit 1.4.1