Liliana Marie Prikler wrote on Fri 18-03-2022 at 23:36 [+0100]:
+(define (auditd-activation config)
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils))
+ (let ((var-log-audit "/var/log/audit"))
+ (umask #o077)
+ (mkdir-p var-log-audit)))))
+
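Review bot: `(umask #o077)` in `auditd-activation` changes the mask for the whole process and is never put back. `umask` returns the previous mask, so capture that value and restore it right after `(mkdir-p var-log-audit)`. Also note that `mkdir-p` leaves an already existing `/var/log/audit` at whatever mode it has, so the restrictive mode only takes effect on first creation; an explicit `chmod` of `var-log-audit` would cover both cases. The `config` parameter is unused in this procedure.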
This would also apply umask 077 to /var and /var/log if those don't
already exist. More importantly, code executed after that will also
inherit the umask, which I don't think is the intended consequence.
More concretely, the procedure 'mkdir-p/perms' would address the umask
issue, but not the potential 'oops too restrictive permissions for /var
and /var/log' issue.
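The two effects described in this reply, reproduced in POSIX shell as an added example (not code from the patch or from Guix). The scratch directory, the function names and the starting mask of 022 are assumptions made for the demonstration; the umask semantics are the same process-level ones the Guile code is subject to.

```shell
# Constructed demo: a scratch tree stands in for /var/log/audit.
perm() { ls -ld "$1" | cut -c1-10; }    # mode string, e.g. drwx------

# Same order of operations as the patch: set the mask, then mkdir -p.
demo_umask_leak() {
    base=$(mktemp -d) || return 1
    (
        umask 022                        # assumed mask before activation
        umask 077
        mkdir -p "$base/var/log/audit"   # missing parents are created too
        touch "$base/later-file"         # unrelated work that runs afterwards
        echo "$(perm "$base/var") $(perm "$base/var/log")" \
             "$(perm "$base/var/log/audit") $(perm "$base/later-file")"
    )
    rm -rf "$base"
}

# Mask confined to the single mkdir that needs it.
demo_scoped() {
    base=$(mktemp -d) || return 1
    (
        umask 022
        mkdir -p "$base/var/log"                     # parents keep normal modes
        ( umask 077; mkdir "$base/var/log/audit" )   # mask dies with the subshell
        touch "$base/later-file"
        echo "$(perm "$base/var") $(perm "$base/var/log")" \
             "$(perm "$base/var/log/audit") $(perm "$base/later-file")"
    )
    rm -rf "$base"
}

demo_umask_leak   # parents and the later file all end up owner-only
demo_scoped       # only the audit directory is owner-only
```
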