
Commit 6e4afb4

authored
Merge pull request #3708 from apostasie/fix-permission
Fix permissions for resolv.conf and hosts
2 parents 3c41efe + 442b01d commit 6e4afb4


2 files changed

+27
-1
lines changed


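--- a/pkg/dnsutil/hostsstore/hostsstore.go
+++ b/pkg/dnsutil/hostsstore/hostsstore.go
@@ -115,6 +115,14 @@ func (x *hostsStore) Acquire(meta Meta) (err error) {
 return errors.Join(store.ErrSystemFailure, err)
 }
 
+// os.WriteFile relies on syscall.Open. Unless there are ACLs, the effective mode of the file will be matched
+// against the current process umask.
+// See https://www.man7.org/linux/man-pages/man2/open.2.html for details.
+// Since we must make sure that these files are world readable, explicitly chmod them here.
+if err = os.Chmod(loc, 0o644); err != nil {
+err = errors.Join(store.ErrSystemFailure, err)
+}
+
 var content []byte
 content, err = json.Marshal(meta)
 if err != nil {
@@ -176,6 +184,14 @@ func (x *hostsStore) AllocHostsFile(id string, content []byte) (location string,
 err = errors.Join(store.ErrSystemFailure, err)
 }
 
+// os.WriteFile relies on syscall.Open. Unless there are ACLs, the effective mode of the file will be matched
+// against the current process umask.
+// See https://www.man7.org/linux/man-pages/man2/open.2.html for details.
+// Since we must make sure that these files are world readable, explicitly chmod them here.
+if err = os.Chmod(loc, 0o644); err != nil {
+err = errors.Join(store.ErrSystemFailure, err)
+}
+
 return err
 })
 if err != nil {
@@ -333,6 +349,7 @@ func (x *hostsStore) updateAllHosts() (err error) {
 if err != nil {
 log.L.WithError(err).Errorf("failed to write hosts file for %q", entry)
 }
+_ = os.Chmod(loc, 0o644)
 }
 return nil
 }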
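Review bot: In the `Acquire` hunk the joined chmod error is assigned to `err` but not returned, and the very next statement, `content, err = json.Marshal(meta)`, overwrites it, so a failed chmod goes unreported and the file keeps its umask-restricted mode. Return from the branch as the check just above it does: `return errors.Join(store.ErrSystemFailure, err)`. The identical block in `AllocHostsFile` is followed directly by `return err`, so the error does propagate there. In `updateAllHosts` the result is discarded with `_ =` and the chmod runs even when the write has just logged a failure; logging the chmod error the same way would make a still-unreadable hosts file diagnosable. All three functions start and end outside their hunks.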

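--- a/pkg/resolvconf/resolvconf.go
+++ b/pkg/resolvconf/resolvconf.go
@@ -317,7 +317,16 @@ func Build(path string, dns, dnsSearch, dnsOptions []string) (*File, error) {
 return nil, err
 }
 
-return &File{Content: content.Bytes(), Hash: hash}, os.WriteFile(path, content.Bytes(), 0644)
+err = os.WriteFile(path, content.Bytes(), 0o644)
+if err != nil {
+return nil, err
+}
+
+// os.WriteFile relies on syscall.Open. Unless there are ACLs, the effective mode of the file will be matched
+// against the current process umask.
+// See https://www.man7.org/linux/man-pages/man2/open.2.html for details.
+// Since we must make sure that these files are world readable, explicitly chmod them here.
+return &File{Content: content.Bytes(), Hash: hash}, os.Chmod(path, 0o644)
 }
 
 func hashData(src io.Reader) (string, error) {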
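Review bot: `os.Chmod(path, 0o644)` resolves `path` a second time after `os.WriteFile` has already closed the file, so the write and the mode change are two separate path lookups and the file briefly exists with the umask-restricted mode. Whether the directory holding `path` can be modified by anyone less privileged is not visible here; if it can, setting the mode through the descriptor that was just written keeps both operations on the same file. The last line also returns a non-nil `*File` together with a chmod error, while the `os.WriteFile` failure path returns `nil, err`; the sketch below returns `nil` on every failure. `Build` starts outside the hunk.

```go
// … unchanged: content and hash are built above …
f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o644)
if err != nil {
	return nil, err
}
if _, err = f.Write(content.Bytes()); err == nil {
	// Chmod on the open descriptor: the umask no longer decides the final mode,
	// and the mode is applied to the file that was written.
	err = f.Chmod(0o644)
}
if cerr := f.Close(); err == nil {
	err = cerr
}
if err != nil {
	return nil, err
}
return &File{Content: content.Bytes(), Hash: hash}, nil
```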
