Users should not be able to read other user content.
Use Umask to enforce that.
Bug-AGL: SPEC-1016
Change-Id: Ibb61b7a6a7617117a499650c5bd70bdd5af3c328
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
PACKAGE_WRITE_DEPS_append_with-lsm-smack = " smack-native"
do_install_append() {
- install -d ${D}/${sysconfdir}/skel/app-data
- install -d ${D}/${sysconfdir}/skel/.config
+ install -m 0700 -d ${D}/${sysconfdir}/skel
+ chmod -R 0700 ${D}/${sysconfdir}/skel
+ install -m 0700 -d ${D}/${sysconfdir}/skel/app-data
+ install -m 0700 -d ${D}/${sysconfdir}/skel/.config
install -m 0755 -d ${D}/var
if [ -d ${D}/usr/local ]; then
mv ${D}/usr/local ${D}/var
--- /dev/null
+
+do_install_append() {
+ sed -i '/^UMASK/s:^.*$:UMASK 077:' ${D}${sysconfdir}/login.defs
+}
+
+
Code Review / AGL / meta-agl.git / commitdiff