Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move server socket to subdirectory and drop world read/execute perrmissions #23

Closed
wants to merge 3 commits into from
Closed

Move server socket to subdirectory and drop world read/execute perrmissions #23

wants to merge 3 commits into from

Commits on Dec 25, 2020

  1. Move radeon-profile-daemon-server socket file into its own subdir und… 

    …er /run

The rationale here is that QT has no methods to run chown on some
files but we do not want the socket being world readable. So instead of
writing lenghty C++-code using chown, we simply move the socket file into a
subdir which we can put our preferred permissions on during startup of the
daemon.

Signed-off-by: Lars Wendler <[email protected]>
    @stintel
    Lars Wendler authored and stintel committed Dec 25, 2020
    Configuration menu
    Copy the full SHA
    5010ec0 View commit details
    Browse the repository at this point in the history

  2. Add tmpfiles configuration file. 

    This file can be used by opentmpfiles or systemd-tmpfiles to make sure
the /run/radeon-profile-daemon directory exists with the correct
ownership and permissions, effectively making the socket no longer world
writeable.

Signed-off-by: Stijn Tintel <[email protected]>
    @stintel
    stintel committed Dec 25, 2020
    Configuration menu
    Copy the full SHA
    ae53549 View commit details
    Browse the repository at this point in the history

  3. Make UNIX socket group writeable 

    In Linux, UNIX sockets honor the permissions of the directory they are
in. Now that the UNIX socket was moved to its own subdirectory in /run,
which is not accessible by other, the socket is no longer world
writeable.

However, this is not enough to make the socket writeable by the group
that owns the subdirectory. Make the socket group writeable. This way,
it will be writeable by the group owning the directory the socket is in.

Closes #18

Signed-off-by: Stijn Tintel <[email protected]>
    @stintel
    stintel committed Dec 25, 2020
    Configuration menu
    Copy the full SHA
    011e290 View commit details
    Browse the repository at this point in the history