[PATCH] secret: Use UMask= in virt-secret-init-encryption.service
From: Jim Fehlig <jfehlig@suse.com> Switch to using systemd's native UMask= directive, instead of using umask directly in ExecStart=. Signed-off-by: Jim Fehlig <jfehlig@suse.com> --- src/secret/virt-secret-init-encryption.service.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/secret/virt-secret-init-encryption.service.in b/src/secret/virt-secret-init-encryption.service.in index 8fd54002a0..5cf4149188 100644 --- a/src/secret/virt-secret-init-encryption.service.in +++ b/src/secret/virt-secret-init-encryption.service.in @@ -5,4 +5,5 @@ ConditionPathExists=!@localstatedir@/lib/libvirt/secrets/secrets-encryption-key [Service] Type=oneshot -ExecStart=/usr/bin/sh -c 'umask 0077 && (dd if=/dev/random status=none bs=32 count=1 | systemd-creds encrypt --name=secrets-encryption-key - @localstatedir@/lib/libvirt/secrets/secrets-encryption-key)' +UMask=0077 +ExecStart=/usr/bin/sh -c 'dd if=/dev/random status=none bs=32 count=1 | systemd-creds encrypt --name=secrets-encryption-key - @localstatedir@/lib/libvirt/secrets/secrets-encryption-key' -- 2.51.0
On Thu, Apr 16, 2026 at 03:57:54PM -0600, Jim Fehlig via Devel wrote:
From: Jim Fehlig <jfehlig@suse.com>
Switch to using systemd's native UMask= directive, instead of using umask directly in ExecStart=.
Signed-off-by: Jim Fehlig <jfehlig@suse.com> --- src/secret/virt-secret-init-encryption.service.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> With regards, Daniel -- |: https://berrange.com ~~ https://hachyderm.io/@berrange :| |: https://libvirt.org ~~ https://entangle-photo.org :| |: https://pixelfed.art/berrange ~~ https://fstop138.berrange.com :|
participants (2)
-
Daniel P. Berrangé -
Jim Fehlig