git: d8ddea0d4b0a - stable/14 - rc: dmesg: Allow umask to be configurable

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Jose Luis Duran <jlduran_at_FreeBSD.org>
Date: Mon, 20 Oct 2025 16:09:46 UTC
The branch stable/14 has been updated by jlduran:

URL: https://cgit.FreeBSD.org/src/commit/?id=d8ddea0d4b0ad316000970987d26307e84ce1efc

commit d8ddea0d4b0ad316000970987d26307e84ce1efc
Author:     Jose Luis Duran <jlduran@FreeBSD.org>
AuthorDate: 2025-10-17 14:34:55 +0000
Commit:     Jose Luis Duran <jlduran@FreeBSD.org>
CommitDate: 2025-10-20 16:09:30 +0000

    rc: dmesg: Allow umask to be configurable
    
    Allow umask to be configurable.
    
    Being able to set the umask via an rc variable is useful when setting:
    
        security.bsd.unprivileged_read_msgbuf=0
    
    As it allows a user to configure:
    
        dmesg_umask="066"
    
    Without modifying the rc script, and preventing the contents of the
    $dmesg_file (/var/run/dmesg.boot) from being publicly readable.
    
    PR:             272552
    Reviewed by:    netchild
    MFC after:      2 days
    Differential Revision:  https://reviews.freebsd.org/D53169
    
    (cherry picked from commit edadbc6ee95570627679f3bc14a1d5476d0ce339)
---
 libexec/rc/rc.conf    | 1 +
 libexec/rc/rc.d/dmesg | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index 39ec921b36c5..a1bb88903911 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -710,6 +710,7 @@ osrelease_enable="YES"	# Update /var/run/os-release on boot (or NO).
 osrelease_file="/var/run/os-release" # File to update for os-release.
 osrelease_perms="444"	# Default permission for os-release file.
 dmesg_enable="YES"	# Save dmesg(8) to /var/run/dmesg.boot
+dmesg_umask="022"	# Default umask for /var/run/dmesg.boot file.
 watchdogd_enable="NO"	# Start the software watchdog daemon
 watchdogd_flags=""	# Flags to watchdogd (if enabled)
 watchdogd_timeout=""	# watchdogd timeout, overrides -t in watchdogd_flags
diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg
index ed36ec17b419..b6ad4b65d8f8 100755
--- a/libexec/rc/rc.d/dmesg
+++ b/libexec/rc/rc.d/dmesg
@@ -19,7 +19,7 @@ stop_cmd=":"
 do_dmesg()
 {
 	rm -f ${dmesg_file}
-	( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} )
+	( umask "${dmesg_umask}" ; /sbin/dmesg $rc_flags > ${dmesg_file} )
 }
 
 load_rc_config $name