On Thu, Aug 25, 2022 at 10:06:29AM +0800, Lichen Liu wrote:
On Wed, Aug 24, 2022 at 6:40 PM Coiby Xu <coxu(a)redhat.com> wrote:
> Hi Lichen,
> Maybe it's better to use rpm %ghost directive like
> "%ghost %attr(600, root, root) ..." in this case.
I think %ghost% may not be able to handle $KDUMP_LOG_PATH very well.
KDUMP_LOG_PATH is used as a constant variable and is not user
configurable so this may not be an issue (I imagine the log path
/var/log/kdump.log won't change in the foreseeable future).
I failed to find more details about %ghost. The use case addressed by
this patch doesn't seem to completely fit the description on ,
A %ghost tag on a file indicates that this file is not to be included in the package. It
is typically used when the attributes of the file are important while the contents is not
(e.g. a log file).
So to avoid possible pitfalls of %ghost, it's better to fix the
permission issue in your way (what I don't like about current approach
is kdumpcl repeatedly reset the permission of kdump.log and this is not
necessary. Anyway it's a trivial issue.)
> On Wed, Aug 24, 2022 at 04:16:14PM +0800, Lichen Liu wrote:
> >Decrease the risk that of leaking information that could potentially
> >be used to exploit the crash further (think location of keys).
Correct me if I am wrong, but I feel there is space for improving the
wording of the commit message. If so, do you have any suggestion?
> >Signed-off-by: Lichen Liu <lichliu(a)redhat.com>
> > kdumpctl | 1 +
> > 1 file changed, 1 insertion(+)
> >diff --git a/kdumpctl b/kdumpctl
> >index 126ecb9..0e37d36 100755
> >--- a/kdumpctl
> >+++ b/kdumpctl
> >@@ -691,6 +691,7 @@ load_kdump()
> > # and release it.
> > exec 12>&2
> > exec 2>> $KDUMP_LOG_PATH/kdump.log
> >+ chmod 600 $KDUMP_LOG_PATH/kdump.log
> > PS4='+ $(date "+%Y-%m-%d %H:%M:%S")
> > set -x
> >kexec mailing list -- kexec(a)lists.fedoraproject.org
> >To unsubscribe send an email to kexec-leave(a)lists.fedoraproject.org
> >Fedora Code of Conduct:
> >List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> >List Archives:
> >Do not reply to spam, report it:
> Best regards,