To: devel@lists.libvirt.org
Subject: [PATCH] secret: Use UMask= in virt-secret-init-encryption.service
Date: Thu, 16 Apr 2026 15:57:54 -0600
Message-ID: <20260416215807.37714-1-jfehlig@suse.com>
From: Jim Fehlig

Switch to using systemd's native UMask= directive, instead of using umask directly in ExecStart=.

Signed-off-by: Jim Fehlig
Reviewed-by: Daniel P. Berrangé

--- src/secret/virt-secret-init-encryption.service.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/secret/virt-secret-init-encryption.service.in b/src/secret= /virt-secret-init-encryption.service.in index 8fd54002a0..5cf4149188 100644 --- a/src/secret/virt-secret-init-encryption.service.in +++ b/src/secret/virt-secret-init-encryption.service.in @@ -5,4 +5,5 @@ ConditionPathExists=3D!@localstatedir@/lib/libvirt/secrets/= secrets-encryption-key =20 [Service] Type=3Doneshot -ExecStart=3D/usr/bin/sh -c 'umask 0077 && (dd if=3D/dev/random status=3Dno= ne bs=3D32 count=3D1 | systemd-creds encrypt --name=3Dsecrets-encryption-ke= y - @localstatedir@/lib/libvirt/secrets/secrets-encryption-key)' +UMask=3D0077 +ExecStart=3D/usr/bin/sh -c 'dd if=3D/dev/random status=3Dnone bs=3D32 coun= t=3D1 | systemd-creds encrypt --name=3Dsecrets-encryption-key - @localstate= dir@/lib/libvirt/secrets/secrets-encryption-key' --=20 2.51.0
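
Review bot: The new ExecStart= line still runs dd and systemd-creds as a plain sh -c pipeline, so the service result is the exit status of systemd-creds alone, and a failed or short read from /dev/random on the dd side would not fail the unit. Because ConditionPathExists=! skips the unit once secrets-encryption-key exists, any file written in that case would not be regenerated on a later start. Consider verifying that 32 bytes were read before they are encrypted, or say in the commit message why this cannot happen. The move to UMask=0077 itself reads as equivalent to the old inline umask 0077, since the setting now applies to every process the unit starts; a short comment above UMask= noting that the key file's permissions depend on it would help whoever edits ExecStart= next.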