On Thu, May 11, 2017 at 06:36:22PM -0400, John Ferlan wrote: > > > On 05/11/2017 04:31 AM, Christian Ehrhardt wrote: > > From: Serge Hallyn <serge.hallyn@xxxxxxxxxx> > > > > There should be no need to make dir based pools world readable. > > So use 0711, not 0755, as the default perms for storage dirs. > > > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> > > --- > > docs/formatstorage.html.in | 2 +- > > src/storage/storage_util.h | 2 +- > > 2 files changed, 2 insertions(+), 2 deletions(-) > > > > Kinda surprised this didn't generate some immediate discussion... I > would also think that if you had a desire to change defaults you'd also > have a libvirt.spec.in adjustment... Actually no it doesn't - the spec file is already marking /var/lib/libvirt/images as 0711. > Still 0755 or umask(022) seem to be fairly prevalent setting and having > the <mode> for the XML to be able to override a default certainly gives > credence to arguments in either direction whether or not to change the > defaults. > > It's been a long while since I considered system/directory/file security > things, but I have this faint recollection of some strange issue when > not having world or group "executable" as a default. The fact that RPM spec ships with 0711 show that it works ok. So I think this change is reasonable. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
