The branch main has been updated by jlduran:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=edadbc6ee95570627679f3bc14a1d5476d0ce339

commit edadbc6ee95570627679f3bc14a1d5476d0ce339
Author:     Jose Luis Duran <[email protected]>
AuthorDate: 2025-10-17 14:34:55 +0000
Commit:     Jose Luis Duran <[email protected]>
CommitDate: 2025-10-18 17:11:49 +0000

    rc: dmesg: Allow umask to be configurable
    
    Allow umask to be configurable.
    
    Being able to set the umask via an rc variable is useful when setting:
    
        security.bsd.unprivileged_read_msgbuf=0
    
    As it allows a user to configure:
    
        dmesg_umask="066"
    
    Without modifying the rc script, and preventing the contents of the
    $dmesg_file (/var/run/dmesg.boot) from being publicly readable.
    
    PR:             272552
    Reviewed by:    netchild
    MFC after:      2 days
    Differential Revision:  https://reviews.freebsd.org/D53169
---
 libexec/rc/rc.conf    | 1 +
 libexec/rc/rc.d/dmesg | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/libexec/rc/rc.conf b/libexec/rc/rc.conf
index 939acd3b5226..ada9094360f6 100644
--- a/libexec/rc/rc.conf
+++ b/libexec/rc/rc.conf
@@ -707,6 +707,7 @@ osrelease_enable="YES"      # Update /var/run/os-release on 
boot (or NO).
 osrelease_file="/var/run/os-release" # File to update for os-release.
 osrelease_perms="444"  # Default permission for os-release file.
 dmesg_enable="YES"     # Save dmesg(8) to /var/run/dmesg.boot
+dmesg_umask="022"      # Default umask for /var/run/dmesg.boot file.
 watchdogd_enable="NO"  # Start the software watchdog daemon
 watchdogd_flags=""     # Flags to watchdogd (if enabled)
 watchdogd_timeout=""   # watchdogd timeout, overrides -t in watchdogd_flags
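Review bot: The inline comment on `dmesg_umask` does not say when an administrator would change it, and the diffstat lists only rc.conf and rc.d/dmesg, so rc.conf(5) may not describe the new variable unless that landed separately. Since the knob exists to pair with `security.bsd.unprivileged_read_msgbuf=0`, I would say so at the point of definition, e.g. `dmesg_umask="022"      # umask for /var/run/dmesg.boot; use 066 to keep it from being publicly readable.` The 022 default preserves the old behaviour, so a host that restricts the message buffer by sysctl still exposes the boot-time copy in /var/run/dmesg.boot until this variable is set as well.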
diff --git a/libexec/rc/rc.d/dmesg b/libexec/rc/rc.d/dmesg
index 51e35d5d4e80..736449f3b159 100755
--- a/libexec/rc/rc.d/dmesg
+++ b/libexec/rc/rc.d/dmesg
@@ -19,7 +19,7 @@ stop_cmd=":"
 do_dmesg()
 {
        rm -f ${dmesg_file}
-       ( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} )
+       ( umask "${dmesg_umask}" ; /sbin/dmesg $rc_flags > ${dmesg_file} )
 }
 
 load_rc_config $name
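Review bot: In `do_dmesg` the `umask` call is joined to `/sbin/dmesg` with `;`, so if `dmesg_umask` is empty or not a valid mode the builtin presumably fails and the file is still written under whatever umask the rc process inherited. Now that the value comes from configuration, I would make the write conditional on the umask being applied and keep a fallback for an unset value: `( umask "${dmesg_umask:-022}" && /sbin/dmesg $rc_flags > "${dmesg_file}" )`. A mistyped restrictive value then leaves no dmesg.boot rather than a readable one, which is the safer failure for someone who set `security.bsd.unprivileged_read_msgbuf=0`. Quoting `${dmesg_file}` in the `rm -f` line above would be consistent with that.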
