Bug#381677: initramfs-tools: Temporary files and initramfs world-readable
On Tue, Sep 12, 2006 at 04:06:20PM +0200, maximilian attems wrote:
> On Tue, 12 Sep 2006, Lionel Elie Mamane wrote:
>> On Mon, Aug 14, 2006 at 03:11:39PM +0200, maximilian attems wrote:
>>> I've removed the patch tag, as the proposed patch is nacked,
>> Except as outlined in <[🔎] 20060912045727.GA10337@capsaicin.mamane.lu>,
>> what's wrong with the patch proposed in
>> <20060814112650.GB8810@dp.vpn.nusquama.org> ?
> it adds an config option that has only a small scope to an existing
> conffile.
OK, I understand now.
>>> so we need for your loop-aes pleasure a specific config dir for
>>> mkinitramfs UMASK setting, other packages may want to set
>>> BUSYBOX=yes there or whatever.
>> Aren't /usr/share/initramfs-tools/conf.d/ and/or
>> /etc/initramfs-tools/conf.d/ already such "specific config dir"?
> no they got source inside the initramfs on boot time,
Ah yeah, right.
> what you want is a conf dir for build specific package specific
> settings.
Actually, if we look at the details, I'm not sure the loopaes-utils
package should unconditionally set the umask of initramfs-tools, as
a significant portion of the users may have the package installed,
but not an encrypted _root_ filesystem. So in the best case, we would
want the loopaes hooks to be able to decide whether they touch the
umask or not at runtime (runtime = building the initramfs), but this
seems difficult at best. So, I suppose that the next best thing would
be to give the _administrator_ a way to change the umask. But that's
up to the maintainer of loopaes-utils, naturally.
Max Vozeler? An opinion on that?
--
Lionel
Reply to: