nvme: set file permission for keyfile to owner only
authorDaniel Wagner <dwagner@suse.de>
Thu, 24 Oct 2024 13:23:33 +0000 (15:23 +0200)
committerDaniel Wagner <wagi@monom.org>
Mon, 28 Oct 2024 18:38:51 +0000 (19:38 +0100)
Since this file contains a secret, enforce read/write permission
limited to the owner only.

Signed-off-by: Daniel Wagner <dwagner@suse.de>
nvme.c

diff --git a/nvme.c b/nvme.c
index 9ba59bddd451e5f062838abf9587e086407fa811..d1107ca16f337350ffdb9121b8c4f12c70120eab 100644 (file)
--- a/nvme.c
+++ b/nvme.c
@@ -9480,6 +9480,7 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin
        const char *revoke = "Revoke key from the keyring.";
 
        _cleanup_file_ FILE *fd = NULL;
+       mode_t old_umask = 0;
        int cnt, err = 0;
 
        struct config {
@@ -9520,6 +9521,8 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin
                else
                        mode = "w";
 
+               old_umask = umask(0);
+
                fd = fopen(cfg.keyfile, mode);
                if (!fd) {
                        nvme_show_error("Cannot open keyfile %s, error %d",
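Review bot: `umask(0)` right before `fopen()` means a newly created keyfile gets mode 0666, so it stays readable and writable by every local user while the key is written, until the `chmod()` in the last hunk runs. A restrictive mask closes that window: `old_umask = umask(0077);`, restored directly after the `fopen()` call rather than at the end of the function. The `if (!fd)` branch continues outside the hunk; if it returns there, the process mask is never restored, which restoring immediately after `fopen()` would also fix. A keyfile that already exists keeps its previous mode either way, so the explicit permission change is still needed.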
@@ -9575,6 +9578,11 @@ static int tls_key(int argc, char **argv, struct command *command, struct plugin
                        printf("revoking key\n");
        }
 
+       if (old_umask != 0 && fd) {
+               umask(old_umask);
+               chmod(cfg.keyfile, 0600);
+       }
+
        return err;
 }
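Review bot: The `old_umask != 0` test uses the saved mask value as a "was changed" flag, so when the process starts with umask 0 the block is skipped and the keyfile keeps the mode `fopen()` gave it. The `chmod()` return value is ignored, and the call goes by path, which follows symlinks and may not act on the object the stream actually opened. Consider dropping the mask test and using `if (fd && fchmod(fileno(fd), 0600) < 0)` with an error report, ideally right after the open and before any key material is written. Any early return between the open and this point (not visible here) would also skip the block; tls_key's body starts outside the hunk.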