From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 7044773043327991808 X-Received: by 2002:a5d:47c6:: with SMTP id o6mr67169126wrc.326.1641824376335; Mon, 10 Jan 2022 06:19:36 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:adf:fe8e:: with SMTP id l14ls124758wrr.3.gmail; Mon, 10 Jan 2022 06:19:35 -0800 (PST) X-Google-Smtp-Source: ABdhPJwQV8l+VALsbD834oRwjHQQ9349FpxAmqyiFYeM2gPcrZFdvU8MyOETWTlXo1YQISxQjYZN X-Received: by 2002:a05:6000:92:: with SMTP id m18mr65923100wrx.676.1641824375339; Mon, 10 Jan 2022 06:19:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1641824375; cv=none; d=google.com; s=arc-20160816; b=ZuofCnllcwYDOLIGtIaDyTUj7EfVYdrEaD9jj4THRgBawRv0dYVBYksZNa6NogIV86 WO+NILJRNSgQJ38UbC5zCoA/Mz50Z+2WklSQGs+L6BwIvQMWlZP7zKXji8jFn8b1FV9T YinD9DH0axz1d9qkJb32BYCSOVWLBBjthH4HW773zjyqthzKq+pQzM2y2jE89NeOGNye rLg1t8E+DIcxcNkCOnwOVS2VN0+Ncq11AbPxHuMeQ6ynzyO2E8BoVABpMbZL3n133/ZS r4L1X3Xj3MYgTYUNwEIuDn/p1GdD+lqzvfgf1K+jWTtSek71PDAIvsValaLPsKrn9EWJ 2fhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=vNDKLuIP8o+MSSIwhdTpD5YaiSGRCbQ0gBnbpzKE6Kg=; b=dB6MzxcurFjbEbcqUMUWGjeAOZcFJazXtOPbUmssYwaUBhhWACQ74RrihlHXr1REyS jIa0GipmbQEvSbMV1jPV4XLzusqMA3TrGvRqepKYE4/j4XLk7EK8gUeKjlRLJKBeCVOQ jEalOA3fZuWxdOTm+XRHLsyrAwjO1gASp9XfmFVq9hKKZf/zv09Z41AIj3Cx2si5ojGh Vd9SD87yWp25x470Nt4PLwQG20OZZ1xgF0i0QXv7Wv9DhG7xmZvZCx/EbeZhhnUiTtIE O7KSnMcLX+r3iDuQQvcqjoiffly85p02bDXN3yufPuGDBbSY5Kp3YwJr72NCnjm2Rb7q kZAg== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Return-Path: Received: from shymkent.ilbers.de (shymkent.ilbers.de. [85.214.156.166]) by gmr-mx.google.com with ESMTPS id l19si495648wms.3.2022.01.10.06.19.35 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Mon, 10 Jan 2022 06:19:35 -0800 (PST) Received-SPF: pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) client-ip=85.214.156.166; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of ubely@ilbers.de designates 85.214.156.166 as permitted sender) smtp.mailfrom=ubely@ilbers.de Received: from hp.localnet (host-80-81-17-52.static.customer.m-online.net [80.81.17.52]) (authenticated bits=0) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8) with ESMTPSA id 20AEJXbe019232 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 10 Jan 2022 15:19:34 +0100 From: Uladzimir Bely To: Henning Schild Cc: isar-users@googlegroups.com Subject: Re: [PATCH] ci: make vm_start logs readable by all users Date: Mon, 10 Jan 2022 17:19:31 +0300 Message-ID: <9284020.eNJFYEL58v@hp> In-Reply-To: <20220110143246.7f0b31aa@md1za8fc.ad001.siemens.net> References: <20211223055720.4147-1-ubely@ilbers.de> <5338758.rdbgypaU67@hp> <20220110143246.7f0b31aa@md1za8fc.ad001.siemens.net> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: Z5L9pJhhoN1e In mail from =D0=BF=D0=BE=D0=BD=D0=B5=D0=B4=D0=B5=D0=BB=D1=8C=D0=BD=D0=B8= =D0=BA, 10 =D1=8F=D0=BD=D0=B2=D0=B0=D1=80=D1=8F 2022 =D0=B3. 16:32:46 +03 u= ser Henning Schild=20 wrote: > Am Mon, 10 Jan 2022 15:50:00 +0300 >=20 > schrieb Uladzimir Bely : > > In mail from =D0=B2=D1=82=D0=BE=D1=80=D0=BD=D0=B8=D0=BA, 4 =D1=8F=D0=BD= =D0=B2=D0=B0=D1=80=D1=8F 2022 =D0=B3. 22:58:39 +03 user Henning > >=20 > > Schild wrote: > > > Am Thu, 23 Dec 2021 06:57:20 +0100 > > >=20 > > > schrieb Uladzimir Bely : > > > > This changes permissions for ${BUILD_DIR}/vm_start_.*_log.txt > > > > from 600 to 644 to make them readable not only for jenkins user. > > >=20 > > > not everybody uses jenkins ... make it "CI user" > >=20 > > OK. > >=20 > > > > Signed-off-by: Uladzimir Bely > > > > --- > > > >=20 > > > > testsuite/vm_boot_test/vm_boot_test.py | 1 + > > > > 1 file changed, 1 insertion(+) > > > >=20 > > > > diff --git a/testsuite/vm_boot_test/vm_boot_test.py > > > > b/testsuite/vm_boot_test/vm_boot_test.py index 01623c5c..69e7f4ae > > > > 100644 --- a/testsuite/vm_boot_test/vm_boot_test.py > > > > +++ b/testsuite/vm_boot_test/vm_boot_test.py > > > >=20 > > > > @@ -46,6 +46,7 @@ class VmBase(Test): > > > > fd, output_file =3D tempfile.mkstemp(suffix=3D'_log.txt', > > > > =20 > > > > prefix=3D'vm_start_' + > > > >=20 > > > > distro + '_' + arch + '_', dir=3Dbuild_dir, text=3DTrue) > > > > + os.chmod(output_file, 0o644) > > >=20 > > > This smells like other output files could also have wrong > > > permissions while being relevant. > >=20 > > It looks like a specific behaviour of tempfile.mkstemp() function, > > that always creates file readable/writable only by the user ID. So, > > only vm logs are affected. >=20 > Yes, apparently that one is trying especially hard to make things > "secure". You could also switch to >=20 > with tempfile.TemporaryFile() as fp >=20 > in which case you should not have such problems. >=20 > Henning >=20 Yes, I looked for some alternatives. Probably, we could use=20 tempfile.NamedTemporaryFile() instead, because it allows to keep temporary= =20 file in the system (if argument delete=3DFalse). > > > If that might be the case, maybe centrally adjust umask for all of > > > the testsuite. > >=20 > > I've just played a bit with umask and it seems to work nice with > > something like 'touch', but python's tempfile.mkstemp() still always > > creates files with 0600 permissions, regardless of umask set for the > > same directory. > >=20 > > > Henning > > >=20 > > > > cmdline =3D start_vm.format_qemu_cmdline(arch, build_dir, > > > >=20 > > > > distro, output_file, None)