Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix various issues detected by static analysis and invalid file mode in systemd service file #104

Merged
merged 2 commits into from
Aug 7, 2024

Conversation

jrisc
Copy link
Contributor

@jrisc jrisc commented Aug 6, 2024

This PR includes some fixes based on reports from static analysis tools (mainly related to unreleased resources and uninitialized variables), and a fix for the provided systemd service file, which causes invalid file mode to be set on cache folders.

@jrisc jrisc changed the title [WIP] Fix various issues detected by static analysis Fix various issues detected by static analysis and invalid file mode in systemd service file Aug 7, 2024
Copy link
Contributor

@simo5 simo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One broken change, and one question.

Changing the tests is a bit pedantic given all file descriptors get closed when the test completes anyway, but I am not against keeping static analysis tools quiet.
I would suggest though that you simply change your configuration of your static analysis tools to ignore the tests directory, for tests this is just churn and we should avoid it.

src/client/gpm_accept_sec_context.c Outdated Show resolved Hide resolved
systemd/gssproxy.service.in Show resolved Hide resolved
@jrisc jrisc force-pushed the various_fixes branch 2 times, most recently from 8ae192a to fbbb6a4 Compare August 7, 2024 15:56
jrisc added 2 commits August 7, 2024 18:02
Signed-off-by: Julien Rische <jrische@redhat.com>
The provided gssproxy.service unit configures /var/lib/gssproxy/clients
and /var/lib/gssproxy/rcache as "StateDirectory". However, systemd
applies mode 0755 by default on such folders. "StateDirectoryMode" has
to be set too to restrict access to root only.

Signed-off-by: Julien Rische <jrische@redhat.com>
Copy link
Contributor

@simo5 simo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@simo5 simo5 merged commit b954728 into gssapi:main Aug 7, 2024
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants