Relax permissions on systemd-journal-remote configuration

Let's make sure the systemd-journal-remote process we start can always read the configuration, even if it's running as a less privileged user.
systemd · May 29, 2024 · 1ea5a14 · 1ea5a14
1 parent 17010a2
commit 1ea5a14
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/mkosi/qemu.py b/mkosi/qemu.py
@@ -450,6 +450,8 @@ def start_journal_remote(config: Config, sockfd: int) -> Iterator[None]:
         INVOKING_USER.chown(d)
 
     with tempfile.NamedTemporaryFile(mode="w", prefix="mkosi-journal-remote-config-") as f:
+        os.chmod(f.name, 0o755)
+
         # Make sure we capture all the logs by bumping the limits. We set MaxFileSize=4G because with the compact mode
         # enabled the files cannot grow any larger anyway.
         f.write(