package/usbguard: enforce the right permissions on the configuration file

Only 0600 rights are allowed for the rules.conf. This file is read when the
usbguard daemon starts and will prevent it to run otherwise.

As Git only tracks the executable bit, setting the right permissions in the
package makefile is the cleanest solution, in particular when providing this
file from a rootfs overlay.

Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

diff --git a/package/usbguard/usbguard.mk b/package/usbguard/usbguard.mk
index 53d103346e75b668d0249cd70c5c7ceacda95169..1518f92fc530631e0675a1c2c121c2867b875e74 100644 (file)
--- a/package/usbguard/usbguard.mk
+++ b/package/usbguard/usbguard.mk
@@ -59,4 +59,8 @@ define USBGUARD_INSTALL_INIT_SYSV
                $(TARGET_DIR)/etc/init.d/S20usbguard
 endef
 
+define USBGUARD_PERMISSIONS
+       /etc/usbguard/rules.conf f 0600 0 0 - - - - -
+endef
+
 $(eval $(autotools-package))