From 62bb680b3aa21ea927426300b5240680369d7c6c Mon Sep 17 00:00:00 2001
From: Robert Malz <robert.malz@canonical.com>
Date: Thu, 8 Aug 2024 10:18:17 +0200
Subject: [PATCH] Change default umask when creating dirctories

Security best practices recommend changing the default umask from 022
to 027 to harden systems. However, when users set umask to 027,
netplan creates directories with permissions that are not accessible
to backends like systemd-network, resulting in issues during network
configuration.

This patch ensures that netplan generates directories with a 0755
mask, regardless of the user's umask.

fixes: lp2076319
---
 src/util.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/util.c b/src/util.c
index 086403d1b..0526a88dc 100644
--- a/src/util.c
+++ b/src/util.c
@@ -24,6 +24,7 @@
 #include <string.h>
 #include <sys/mman.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <pwd.h>
 #include <grp.h>
 
@@ -54,11 +55,13 @@ void
 _netplan_safe_mkdir_p_dir(const char* file_path)
 {
     g_autofree char* dir = g_path_get_dirname(file_path);
+    mode_t orig_umask = umask(022);
 
     if (g_mkdir_with_parents(dir, 0755) < 0) {
         g_fprintf(stderr, "ERROR: cannot create directory %s: %m\n", dir);
         exit(1);
     }
+    umask(orig_umask);
 }
 
 /**