grubconfig: set /boot/grub2/grub.cfg file mode to 0600#961
grubconfig: set /boot/grub2/grub.cfg file mode to 0600#961cgwalters merged 2 commits intocoreos:mainfrom
/boot/grub2/grub.cfg file mode to 0600#961Conversation
cgwalters
left a comment
cgwalters
left a comment
There was a problem hiding this comment.
One overall issue on this is because we don't have a mechanism to update the static configs, existing systems will stay as is.
src/grubconfigs.rs
Outdated
| efidir | ||
| .copy_file(&Path::new(CONFIGDIR).join("grub-static-efi.cfg"), target) | ||
| .context("Copying static EFI")?; | ||
| efidir.set_mode(target, GRUBCONFIG_FILE_MODE)?; |
There was a problem hiding this comment.
Side note: in the future we could use https://docs.rs/cap-std-ext/latest/cap_std_ext/dirext/trait.CapStdExtDirExt.html#tymethod.atomic_write_with_perms to do this in one step.
There was a problem hiding this comment.
Thank you for the comment, I see your PR in #674 is using cap-std-ext, maybe we can continue that.
HuijingHei
force-pushed
the
fix-grub-permission
branch
from
8d0f0f3 to
30ce64c
Compare
|
Hm, not sure offhand why the test is failing. Possibly we're not running the updated code we think we are, or the code is wrong. |
Copy Colin's comment: ``` One overall issue on this is because we don't have a mechanism to update the static configs, existing systems will stay as is. ``` See coreos#952 & https://redhat-internal.slack.com/archives/C01BSEK9PM1/p1750152540290679
HuijingHei
force-pushed
the
fix-grub-permission
branch
from
30ce64c to
304d7dc
Compare
HuijingHei
force-pushed
the
fix-grub-permission
branch
from
304d7dc to
e944eef
Compare
Thank you for the review! Look that the issue and find the requirement here is only related to |
HuijingHei
changed the title
0600/boot/grub2/grub.cfg file mode to 0600
2 participants
Copy Colin's comment:
See #952 &
https://redhat-internal.slack.com/archives/C01BSEK9PM1/p1750152540290679