Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 20 Oct 2025 16:09:14 GMT
From:      Jose Luis Duran <jlduran@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: fa2e886206f4 - stable/15 - rc: dmesg: Allow umask to be configurable
Message-ID:  <202510201609.59KG9E6w024303@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch stable/15 has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=fa2e886206f41b4ce652377a6da163103ef25351

commit fa2e886206f41b4ce652377a6da163103ef25351
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-10-17 14:34:55 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2025-10-20 16:04:35 +0000

    rc: dmesg: Allow umask to be configurable
    
    Allow umask to be configurable.
    
    Being able to set the umask via an rc variable is useful when setting:
    
        security.bsd.unprivileged_read_msgbuf=0
    
    As it allows a user to configure:
    
        dmesg_umask="066"
    
    Without modifying the rc script, and preventing the contents of the
    $dmesg_file (/var/run/dmesg.boot) from being publicly readable.
    
    PR:             272552
    Reviewed by:    netchild
    MFC after:      2 days
    Differential Revision:  https://reviews.freebsd.org/D53169
    
    (cherry picked from commit edadbc6ee95570627679f3bc14a1d5476d0ce339)
---
 libexec/rc/rc.conf    | 1 +
 libexec/rc/rc.d/dmesg | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index 87f9d50b3b3c..2b6db04d08e3 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -707,6 +707,7 @@ osrelease_enable="YES"	# Update /var/run/os-release on boot (or NO).
 osrelease_file="/var/run/os-release" # File to update for os-release.
 osrelease_perms="444"	# Default permission for os-release file.
 dmesg_enable="YES"	# Save dmesg(8) to /var/run/dmesg.boot
+dmesg_umask="022"	# Default umask for /var/run/dmesg.boot file.
 watchdogd_enable="NO"	# Start the software watchdog daemon
 watchdogd_flags=""	# Flags to watchdogd (if enabled)
 watchdogd_timeout=""	# watchdogd timeout, overrides -t in watchdogd_flags
diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg
index 51e35d5d4e80..736449f3b159 100755
--- a/libexec/rc/rc.d/dmesg
+++ b/libexec/rc/rc.d/dmesg
@@ -19,7 +19,7 @@ stop_cmd=":"
 do_dmesg()
 {
 	rm -f ${dmesg_file}
-	( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} )
+	( umask "${dmesg_umask}" ; /sbin/dmesg $rc_flags > ${dmesg_file} )
 }
 
 load_rc_config $name
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202510201609.59KG9E6w024303>