commit: bf6fdfd10493e1d4b51195cc9daa4a7093402c4f
Author: Christian Göttsche <cgzones <AT> googlemail <DOT> com>
AuthorDate: Fri Nov 5 13:32:30 2021 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Nov 11 21:26:50 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bf6fdfd1
Ignore umask on when installing headers
Use install(1) with explicit permission to create directories and
files. In case umask(2) is set too strict the installed files will
otherwise not be readable by unprivileged users.
Signed-off-by: Christian Göttsche <cgzones <AT> googlemail.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
Makefile | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index ba346a27..53af1468 100644
--- a/Makefile
+++ b/Makefile
@@ -534,17 +534,19 @@ $(appdir)/%: $(appconf)/%
# Install policy headers
#
install-headers: $(layerxml) $(tunxml) $(boolxml) $(gentooxml)
- @mkdir -p $(headerdir)
+ $(verbose) $(INSTALL) -d -m 755 $(headerdir)
@echo "Installing $(NAME) policy headers."
$(verbose) $(INSTALL) -m 644 $^ $(headerdir)
- $(verbose) mkdir -p $(headerdir)/support
+ $(verbose) $(INSTALL) -d -m 755 $(headerdir)/support
$(verbose) $(INSTALL) -m 644 $(m4support) $(xmldtd) $(headerdir)/support
$(verbose) $(INSTALL) -m 755 $(word $(words $(genxml)),$(genxml))
$(headerdir)/support
+ $(verbose) $(INSTALL) -m 644 /dev/null
$(headerdir)/support/all_perms.spt
$(verbose) $(genperm) $(avs) $(secclass) >
$(headerdir)/support/all_perms.spt
$(verbose) for i in $(notdir $(all_layers)); do \
- mkdir -p $(headerdir)/$$i ;\
+ $(INSTALL) -d -m 755 $(headerdir)/$$i ;\
$(INSTALL) -m 644 $(moddir)/$$i/*.if $(headerdir)/$$i ;\
done
+ $(verbose) $(INSTALL) -m 644 /dev/null $(headerdir)/build.conf
$(verbose) echo "TYPE ?= $(TYPE)" > $(headerdir)/build.conf
$(verbose) echo "NAME ?= $(NAME)" >> $(headerdir)/build.conf
ifneq "$(DISTRO)" ""
