mail: chmod the key file, so we can make the config dir readonly
+4
-1
@@ -697,6 +697,9 @@ async function configureMail(mailFqdn, mailDomain, serviceConfig) {
|
||||
if (!safe.child_process.execSync(`cp ${bundle.certFilePath} ${mailCertFilePath}`)) throw new BoxError(BoxError.FS_ERROR, 'Could not create cert file:' + safe.error.message);
|
||||
if (!safe.child_process.execSync(`cp ${bundle.keyFilePath} ${mailKeyFilePath}`)) throw new BoxError(BoxError.FS_ERROR, 'Could not create key file:' + safe.error.message);
|
||||
|
||||
// if the 'yellowtent' user of OS and the 'cloudron' user of mail container don't match, the keys become inaccessible by mail code
|
||||
if (!safe.fs.chmodSync(mailKeyFilePath, 0o644)) throw new BoxError(BoxError.FS_ERROR, `Could not chmod key file: ${safe.error.message}`);
|
||||
|
||||
await shell.promises.exec('stopMail', 'docker stop mail || true');
|
||||
await shell.promises.exec('removeMail', 'docker rm -f mail || true');
|
||||
|
||||
@@ -722,7 +725,7 @@ async function configureMail(mailFqdn, mailDomain, serviceConfig) {
|
||||
-e CLOUDRON_RELAY_TOKEN="${relayToken}" \
|
||||
-e LOGLEVEL=${logLevel} \
|
||||
-v "${paths.MAIL_DATA_DIR}:/app/data" \
|
||||
-v "${paths.MAIL_CONFIG_DIR}:/etc/mail" \
|
||||
-v "${paths.MAIL_CONFIG_DIR}:/etc/mail:ro" \
|
||||
${ports} \
|
||||
--label isCloudronManaged=true \
|
||||
${readOnly} -v /run -v /tmp ${tag} ${cmd}`;
|
||||
|
||||
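Review bot: The `0o644` mode passed to `safe.fs.chmodSync(mailKeyFilePath, 0o644)` in the first hunk makes the mail TLS private key readable by every local account and process on the host, not only by the mail container's user. The comment above it gives the uid mismatch between the host and container users as the reason, but world-read is wider than that needs. Changing the file's owner or group to the container user's uid/gid and keeping the mode at `0o600` or `0o640` would solve the same problem without exposing the key. If the mode has to stay, the comment should say what else protects the file, for example `// key is world-readable on purpose; MAIL_CONFIG_DIR must not be traversable by other host users`, assuming that holds, since the directory's own mode is not visible here. The `:ro` mount in the second hunk stops the container from writing to the config dir but does not limit who can read the key on the host; `configureMail` starts and ends outside both hunks.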