Fix permissions on /run/systemd/nspawn/locks

machined is getting an EACCES when trying to create the lock file for
images because the mode on /run/systemd/nspawn/locks is 0600.

mkdir("/run/systemd/nspawn/locks", 0600) = -1 EEXIST (File exists)
stat("/run/systemd/nspawn/locks", {st_mode=S_IFDIR|0600, st_size=40, ...}) = 0
open("/run/systemd/nspawn/locks/inode-41:256", O_RDWR|O_CREAT|O_NOCTTY|O_NOFOLLOW|O_CLOEXEC, 0600) = -1 EACCES (Permission denied)

This commit adjusts the mode to 0700 to correct the issue.

diff --git a/src/shared/machine-image.c b/src/shared/machine-image.c
index bc215f0ad5ca60e60d8fa600c6879717c354d65c..273dacff1f2ac610adf80812ad0669c0e88912f9 100644 (file)
--- a/src/shared/machine-image.c
+++ b/src/shared/machine-image.c
@@ -603,7 +603,7 @@ int image_path_lock(const char *path, int operation, LockFile *global, LockFile
                 return r;
 
         if (p) {
-                mkdir_p("/run/systemd/nspawn/locks", 0600);
+                mkdir_p("/run/systemd/nspawn/locks", 0700);
 
                 r = make_lock_file(p, operation, global);
                 if (r < 0) {
@@ -643,7 +643,7 @@ int image_name_lock(const char *name, int operation, LockFile *ret) {
         if (streq(name, ".host"))
                 return -EBUSY;
 
-        mkdir_p("/run/systemd/nspawn/locks", 0600);
+        mkdir_p("/run/systemd/nspawn/locks", 0700);
         p = strjoina("/run/systemd/nspawn/locks/name-", name);
 
         return make_lock_file(p, operation, ret);