diff options
| author | Jose Luis Duran <jlduran@FreeBSD.org> | 2025-10-17 14:34:55 +0000 |
|---|---|---|
| committer | Jose Luis Duran <jlduran@FreeBSD.org> | 2025-10-18 17:11:49 +0000 |
| commit | edadbc6ee95570627679f3bc14a1d5476d0ce339 (patch) | |
| tree | e6ef7f293dab8b5081f89db66158da678e212a13 | |
| parent | 982d70ca2e6333b7e8ccf828b004ccf20a9cc550 (diff) | |
rc: dmesg: Allow umask to be configurable
Allow umask to be configurable.
Being able to set the umask via an rc variable is useful when setting:
security.bsd.unprivileged_read_msgbuf=0
As it allows a user to configure:
dmesg_umask="066"
Without modifying the rc script, and preventing the contents of the
$dmesg_file (/var/run/dmesg.boot) from being publicly readable.
PR: 272552
Reviewed by: netchild
MFC after: 2 days
Differential Revision: https://reviews.freebsd.org/D53169
| -rw-r--r-- | libexec/rc/rc.conf | 1 | ||||
| -rwxr-xr-x | libexec/rc/rc.d/dmesg | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf index 939acd3b5226..ada9094360f6 100644 --- a/libexec/rc/rc.conf +++ b/libexec/rc/rc.conf @@ -707,6 +707,7 @@ osrelease_enable="YES" # Update /var/run/os-release on boot (or NO). osrelease_file="/var/run/os-release" # File to update for os-release. osrelease_perms="444" # Default permission for os-release file. dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot +dmesg_umask="022" # Default umask for /var/run/dmesg.boot file. watchdogd_enable="NO" # Start the software watchdog daemon watchdogd_flags="" # Flags to watchdogd (if enabled) watchdogd_timeout="" # watchdogd timeout, overrides -t in watchdogd_flags diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg index 51e35d5d4e80..736449f3b159 100755 --- a/libexec/rc/rc.d/dmesg +++ b/libexec/rc/rc.d/dmesg @@ -19,7 +19,7 @@ stop_cmd=":" do_dmesg() { rm -f ${dmesg_file} - ( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} ) + ( umask "${dmesg_umask}" ; /sbin/dmesg $rc_flags > ${dmesg_file} ) } load_rc_config $name |