authorErik Larkö <erik@mullvad.net>2017-11-24 11:23:25 +0100
committerErik Larkö <erik@mullvad.net>2017-11-27 10:30:24 +0100
commit07104a432eb71e4ce1cd22f1c262d61fc0050378 (patch)
treebc1494bbad8c114dd490494cc52794a60624cb87
parent195c0f71e5ce1adb644150a63ab5d7a12ae700c8 (diff)
Make sure the OpenVPN log file is readable by non-root users
When OpenVPN creates its log file, the file is only readable by root. When we then want to collect this log file in the problem report, we do not want to be root. If, on the other hand, OpenVPN is told to log to a file that already exists, it doesn't change the permissions of that file. So here we create the log file with permissions that work for us before OpenVPN has the chance to create it itself.
-rw-r--r--mullvad-daemon/src/bin/problem-report.rs4
-rw-r--r--mullvad-daemon/src/main.rs8
2 files changed, 10 insertions, 2 deletions
diff --git a/mullvad-daemon/src/bin/problem-report.rs b/mullvad-daemon/src/bin/problem-report.rs
index 1894af9e1d..67d784dc64 100644
--- a/mullvad-daemon/src/bin/problem-report.rs
+++ b/mullvad-daemon/src/bin/problem-report.rs
@@ -215,7 +215,7 @@ impl ProblemReport {
out = self.redact_mac_addresses(&out);
out = self.redact_ip_addresses(&out);
- self.redact_list(out)
+ self.redact_custom_strings(out)
}
fn redact_home_dir(&self, input: String) -> String {
@@ -287,7 +287,7 @@ impl ProblemReport {
re.replace_all(input, "[REDACTED IPv6]").to_string()
}
- fn redact_list(&self, input: String) -> String {
+ fn redact_custom_strings(&self, input: String) -> String {
let mut out = input;
for redact in &self.redact_custom_strings {
out = out.replace(redact, "[REDACTED]")
diff --git a/mullvad-daemon/src/main.rs b/mullvad-daemon/src/main.rs
index c9493d3778..08bb9bccec 100644
--- a/mullvad-daemon/src/main.rs
+++ b/mullvad-daemon/src/main.rs
@@ -76,6 +76,8 @@ use talpid_core::mpsc::IntoSender;
use talpid_core::tunnel::{self, TunnelEvent, TunnelMetadata, TunnelMonitor};
use talpid_types::net::TunnelEndpoint;
+use std::fs;
+
error_chain!{
errors {
@@ -595,6 +597,12 @@ impl Daemon {
self.set_security_policy()?;
+ if let Some(ref file) = self.tunnel_log {
+ let _ = fs::remove_file(file);
+ fs::File::create(file)
+ .chain_err(|| "Unable to create the tunnel log file")?;
+ }
+
let tunnel_monitor =
self.spawn_tunnel_monitor(self.tunnel_endpoint.unwrap(), &account_token)?;
self.tunnel_close_handle = Some(tunnel_monitor.close_handle());
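Review bot: `fs::File::create(file)` in the added block follows symlinks and truncates whatever exists at the path, and it runs right after a `remove_file` whose result is discarded with `let _ =`. If the daemon runs as root and the log directory is writable by a less privileged user (neither is visible in this hunk), the gap between the two calls lets the create land on a path the daemon did not choose. Using `fs::OpenOptions::new().write(true).create_new(true).open(file)` instead makes the create fail rather than reuse an existing entry. The file mode is also left to the process umask, so readability by the non-root report tool is not guaranteed; on Unix an explicit `fs::set_permissions` to 0o644 after creation would pin it, and a comment should state that making the tunnel log readable to every local user is intended. The enclosing function starts and ends outside the hunk.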