Re: [qubes-devel] Re: [PATCH] Fix policy.Replace changing the file mode
On Sat, May 27, 2023 at 07:33:53PM +, Ben Grande wrote:
> On 23-05-27 19:25:54, Ben Grande wrote:
> > Without this, it defaults to what umask allows, normally 644.
> > Without being group owned, editing the policy manually leads to a RO
> > file and if the user force writes, will change the ownership to
> > user:user.
> >
> > Signed-off-by: Ben Grande
> > --- > > qrexec/policy/admin.py | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/qrexec/policy/admin.py b/qrexec/policy/admin.py > > index da5bd9f..c5bfc23 100644 > > --- a/qrexec/policy/admin.py > > +++ b/qrexec/policy/admin.py > > @@ -201,6 +201,7 @@ class PolicyAdmin: > > > > temp_path = path.with_name(RENAME_PREFIX + path.name) > > temp_path.write_bytes(data) > > +temp_path.chmod(0o664) > > temp_path.rename(path) > > > > # Remove
> > --
> > Benjamin Grande
>
> Perhaps it should also set the ownership to root:qubes?

Yes, I think so.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
[qubes-devel] Re: [PATCH] Fix policy.Replace changing the file mode
On 23-05-27 19:25:54, Ben Grande wrote:
> Without this, it defaults to what umask allows, normally 644.
> Without being group owned, editing the policy manually leads to a RO
> file and if the user force writes, will change the ownership to
> user:user.
>
> Signed-off-by: Ben Grande
> --- > qrexec/policy/admin.py | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/qrexec/policy/admin.py b/qrexec/policy/admin.py > index da5bd9f..c5bfc23 100644 > --- a/qrexec/policy/admin.py > +++ b/qrexec/policy/admin.py > @@ -201,6 +201,7 @@ class PolicyAdmin: > > temp_path = path.with_name(RENAME_PREFIX + path.name) > temp_path.write_bytes(data) > +temp_path.chmod(0o664) > temp_path.rename(path) > > # Remove
> --
> Benjamin Grande

Perhaps it should also set the ownership to root:qubes?

--
Benjamin Grande
[qubes-devel] [PATCH] Fix policy.Replace changing the file mode
Without this, it defaults to what umask allows, normally 644.
Without being group owned, editing the policy manually leads to a RO
file and if the user force writes, will change the ownership to
user:user.

Signed-off-by: Ben Grande
- --- qrexec/policy/admin.py | 1 + 1 file changed, 1 insertion(+) diff --git a/qrexec/policy/admin.py b/qrexec/policy/admin.py index da5bd9f..c5bfc23 100644 - --- a/qrexec/policy/admin.py +++ b/qrexec/policy/admin.py @@ -201,6 +201,7 @@ class PolicyAdmin: temp_path = path.with_name(RENAME_PREFIX + path.name) temp_path.write_bytes(data) +temp_path.chmod(0o664) temp_path.rename(path) # Remove
--
Benjamin Grande
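
Review bot: at the added `temp_path.chmod(0o664)`, the group-write bit only helps if the file's group is the intended one, and nothing in this hunk sets it: the file created by `temp_path.write_bytes(data)` normally gets the group of the writing process. The commit message names the file not being group owned as the cause of the read-only edit, so the ownership should be set on `temp_path` at the same point, before `temp_path.rename(path)`, so that `path` never appears with the wrong owner (the thread proposes root:qubes; `shutil.chown(temp_path, user=..., group=...)` would do it). Separately, 0o664 is hardcoded, so replacing a policy file that an administrator had given a tighter mode resets it to group-writable and world-readable; consider copying the mode from the existing `path` when it exists, and add a short comment on the new line saying why the mode is set before the rename.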