Skip site navigation (1)Skip section navigation (2) 



| raw e-mail
| index
| archive
| help



The branch stable/13 has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=549cba3c9d1e14fffa9a99ed7b6ee51eb6d20e51

commit 549cba3c9d1e14fffa9a99ed7b6ee51eb6d20e51
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-10-17 14:34:55 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2025-10-20 16:05:40 +0000

    rc: dmesg: Allow umask to be configurable
    
    Allow umask to be configurable.
    
    Being able to set the umask via an rc variable is useful when setting:
    
        security.bsd.unprivileged_read_msgbuf=0
    
    As it allows a user to configure:
    
        dmesg_umask="066"
    
    Without modifying the rc script, and preventing the contents of the
    $dmesg_file (/var/run/dmesg.boot) from being publicly readable.
    
    PR:             272552
    Reviewed by:    netchild
    MFC after:      2 days
    Differential Revision:  https://reviews.freebsd.org/D53169
    
    (cherry picked from commit edadbc6ee95570627679f3bc14a1d5476d0ce339)
---
 libexec/rc/rc.conf    | 1 +
 libexec/rc/rc.d/dmesg | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index 4751d000c936..d740d2df32d9 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -708,6 +708,7 @@ osrelease_enable="YES"	# Update /var/run/os-release on boot (or NO).
 osrelease_file="/var/run/os-release" # File to update for os-release.
 osrelease_perms="444"	# Default permission for os-release file.
 dmesg_enable="YES"	# Save dmesg(8) to /var/run/dmesg.boot
+dmesg_umask="022"	# Default umask for /var/run/dmesg.boot file.
 watchdogd_enable="NO"	# Start the software watchdog daemon
 watchdogd_flags=""	# Flags to watchdogd (if enabled)
 watchdogd_timeout=""	# watchdogd timeout, overrides -t in watchdogd_flags
diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg
index ed36ec17b419..b6ad4b65d8f8 100755
--- a/libexec/rc/rc.d/dmesg
+++ b/libexec/rc/rc.d/dmesg
@@ -19,7 +19,7 @@ stop_cmd=":"
 do_dmesg()
 {
 	rm -f ${dmesg_file}
-	( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} )
+	( umask "${dmesg_umask}" ; /sbin/dmesg $rc_flags > ${dmesg_file} )
 }
 
 load_rc_config $name







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?>