https://github.com/osquery/osquery logo
Title
s

seph

02/28/2020, 3:30 PM
Though, reading the implementation… 1. I’m not convicned the database files should be writable by the osquery group 2. umask in the init script feels weird. Can we do this in the code?
t

theopolis

02/28/2020, 3:32 PM
Yes we can implement the umasking-behavior in code but it seems OK that it's in the systemd unit. Perhaps the only issue is the init script?
s

seph

02/28/2020, 3:32 PM
My comment applies to systemd, and init equally.
t

theopolis

02/28/2020, 3:33 PM
It's a feature of an exec unit in systemd (thus I am assuming it's expected) https://www.freedesktop.org/software/systemd/man/systemd.exec.html
s

seph

02/28/2020, 3:33 PM
What about the next thing? It feels like it’s adding some logic to the start script. which feels weird. It also means that the socket and the db files have the same meaning
t

theopolis

02/28/2020, 3:33 PM
expected = a thing that happens maybe
there's no permissions boundary between socket and db so thats OK
s

seph

02/28/2020, 3:34 PM
This is all a weak objection. If people would rather have osquery just respect umask, I’m super opposed. Mostly just feels weird.
t

theopolis

02/28/2020, 3:37 PM
If people would rather have osquery just respect umask, I’m super opposed.
what do you mean?
s

seph

02/28/2020, 3:37 PM
Exactly the opposite. Clearly too distracted. If people want to just respect umask. I’m onboard.
t

theopolis

02/28/2020, 3:38 PM
ah ok 🙂
I'll just escalate the code review to #linux ;)
s

seph

02/28/2020, 3:42 PM
FYI you want @-here, @-channel gets idle people too.