/* It's what gzip does, 9 is too slow */
#define OSTREE_ARCHIVE_DEFAULT_COMPRESSION_LEVEL (6)
+/* Note the permissive group bits. We want to be liberal here and let individual machines
+ * narrow permissions as needed via umask. This is important in setups where group ownership
+ * can matter for repo management (like OpenShift). */
+#define DEFAULT_DIRECTORY_MODE 0775
+#define DEFAULT_REGFILE_MODE 0660
+
/* This file contains private implementation data format definitions
* read by multiple implementation .c files.
*/
if (self->uncompressed_objects_dir_fd == -1)
{
- if (!glnx_shutil_mkdir_p_at (self->repo_dir_fd, "uncompressed-objects-cache", 0755,
- cancellable, error))
+ if (!glnx_shutil_mkdir_p_at (self->repo_dir_fd, "uncompressed-objects-cache",
+ DEFAULT_DIRECTORY_MODE, cancellable, error))
return FALSE;
if (!glnx_opendirat (self->repo_dir_fd, "uncompressed-objects-cache", TRUE,
&self->uncompressed_objects_dir_fd,
if (self->cache_dir_fd == -1)
return TRUE;
- if (!glnx_shutil_mkdir_p_at (self->cache_dir_fd, _OSTREE_SUMMARY_CACHE_DIR, 0775, cancellable, error))
+ if (!glnx_shutil_mkdir_p_at (self->cache_dir_fd, _OSTREE_SUMMARY_CACHE_DIR, DEFAULT_DIRECTORY_MODE, cancellable, error))
return FALSE;
const char *summary_cache_file = glnx_strjoina (_OSTREE_SUMMARY_CACHE_DIR, "/", remote);
g_autofree char *dnbuf = g_strdup (descriptor_relpath);
const char *dn = dirname (dnbuf);
- if (!glnx_shutil_mkdir_p_at (self->repo_dir_fd, dn, 0755, cancellable, error))
+ if (!glnx_shutil_mkdir_p_at (self->repo_dir_fd, dn, DEFAULT_DIRECTORY_MODE, cancellable, error))
goto out;
if (!glnx_opendirat (self->repo_dir_fd, dn, TRUE, &descriptor_dfd, error))
goto out;
g_debug ("Opening repo lock file");
lock->fd = TEMP_FAILURE_RETRY (openat (self->repo_dir_fd, ".lock",
O_CREAT | O_RDWR | O_CLOEXEC,
- 0600));
+ DEFAULT_REGFILE_MODE));
if (lock->fd < 0)
{
free_repo_lock (lock);
}
}
- if (mkdirat (dfd, path, 0755) != 0)
+ if (mkdirat (dfd, path, DEFAULT_DIRECTORY_MODE) != 0)
{
if (G_UNLIKELY (errno != EEXIST))
return glnx_throw_errno_prefix (error, "mkdirat");
for (guint i = 0; i < G_N_ELEMENTS (state_dirs); i++)
{
const char *elt = state_dirs[i];
- if (mkdirat (repo_dfd, elt, 0755) == -1)
+ if (mkdirat (repo_dfd, elt, DEFAULT_DIRECTORY_MODE) == -1)
{
if (G_UNLIKELY (errno != EEXIST))
return glnx_throw_errno_prefix (error, "mkdirat");
*
* https://github.com/ostreedev/ostree/issues/1018
*/
- if (mkdirat (self->repo_dir_fd, "tmp", 0755) == -1)
+ if (mkdirat (self->repo_dir_fd, "tmp", DEFAULT_DIRECTORY_MODE) == -1)
{
if (G_UNLIKELY (errno != EEXIST))
return glnx_throw_errno_prefix (error, "mkdir(tmp)");
if (self->writable)
{
- if (!glnx_shutil_mkdir_p_at (self->tmp_dir_fd, _OSTREE_CACHE_DIR, 0775, cancellable, error))
+ if (!glnx_shutil_mkdir_p_at (self->tmp_dir_fd, _OSTREE_CACHE_DIR, DEFAULT_DIRECTORY_MODE, cancellable, error))
return FALSE;
if (!glnx_opendirat (self->tmp_dir_fd, _OSTREE_CACHE_DIR, TRUE, &self->cache_dir_fd, error))
{
g_auto(GLnxTmpDir) new_tmpdir = { 0, };
/* No existing tmpdir found, create a new */
- if (!glnx_mkdtempat (tmpdir_dfd, tmpdir_name_template, 0755,
+ if (!glnx_mkdtempat (tmpdir_dfd, tmpdir_name_template, DEFAULT_DIRECTORY_MODE,
&new_tmpdir, error))
return FALSE;
projects / ostree.git / commitdiff