Thanks to visit codestin.com
Credit goes to github.com

Skip to content

grubconfigs: ensure bootuuid.cfg and grubenv with mode 0600#1063

Merged
cgwalters merged 2 commits into
coreos:mainfrom
HuijingHei:fix-grub-permission
Feb 10, 2026
Merged

grubconfigs: ensure bootuuid.cfg and grubenv with mode 0600#1063
cgwalters merged 2 commits into
coreos:mainfrom
HuijingHei:fix-grub-permission

Conversation

@HuijingHei

@HuijingHei HuijingHei commented Feb 10, 2026

Copy link
Copy Markdown
Contributor

Fixes #1058

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Feb 10, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances security by ensuring that bootuuid.cfg and grubenv have file permissions set to 0600. The changes involve using a shared constant for the file mode when creating bootuuid.cfg and adding a new function to enforce the permissions on grubenv. The implementation is correct and includes a test to verify the new behavior. I have one suggestion to simplify the code in the new function.

Comment thread src/grubconfigs.rs Outdated
@HuijingHei HuijingHei requested a review from cgwalters February 10, 2026 10:22
cgwalters
cgwalters approved these changes Feb 10, 2026
View reviewed changes

@cgwalters cgwalters left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks sane, but we probably want to also apply this fixup automatically on upgrades?

@cgwalters cgwalters merged commit 883c97a into coreos:main Feb 10, 2026
12 checks passed
@HuijingHei

HuijingHei commented Feb 11, 2026

Copy link
Copy Markdown
Contributor Author

Looks sane, but we probably want to also apply this fixup automatically on upgrades?

Good catch, will fix on upgrades later.

@HuijingHei HuijingHei deleted the fix-grub-permission branch February 11, 2026 01:38
HuijingHei added a commit to HuijingHei/bootupd that referenced this pull request Feb 12, 2026
@HuijingHei
update: ensure the permissions of the grub files are updated to 0600
3a5b674 
Inspired by coreos#1063 (comment)
@HuijingHei HuijingHei mentioned this pull request Feb 12, 2026
Merged
HuijingHei added a commit to HuijingHei/bootupd that referenced this pull request Feb 12, 2026
@HuijingHei
update: ensure the permissions of the grub files are updated to 0600
69dd211 
Inspired by coreos#1063 (comment)
HuijingHei added a commit that referenced this pull request Feb 25, 2026
@HuijingHei
update: ensure the permissions of the grub files are updated to 0600
c6fdb12 
Inspired by #1063 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cgwalters cgwalters cgwalters approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Ensure bootupd-generated files have CIS-compliant permissions

2 participants

@HuijingHei @cgwalters