github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 16:44:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(launchd): set restrictive umask in gateway plist

Browse Source
This commit is contained in:
liuxiaopai-ai
2026-03-03 02:12:08 +08:00
committed by Peter Steinberger
parent 740bb77c8c
commit c9558cdcd7
3 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/daemon/launchd-plist.ts
View File

@@ -4,6 +4,7 @@ import fs from "node:fs/promises";
// intentional gateway restarts. Keep it low so CLI restarts and forced
// reinstalls do not stall for a full minute.
export const LAUNCH_AGENT_THROTTLE_INTERVAL_SECONDS = 1;
// launchd stores plist integer values in decimal; 0o077 renders as 63 (owner-only files).
export const LAUNCH_AGENT_UMASK_DECIMAL = 0o077;
const plistEscape = (value: string): string =>

6
src/daemon/launchd.test.ts
View File

@@ -189,7 +189,7 @@ describe("launchd install", () => {
expect(plist).toContain(`<string>${tmpDir}</string>`);
});
it("writes KeepAlive=true policy", async () => {
it("writes KeepAlive=true policy with restrictive umask", async () => {
const env = createDefaultLaunchdEnv();
await installLaunchAgent({
env,
@@ -202,10 +202,10 @@ describe("launchd install", () => {
expect(plist).toContain("<key>KeepAlive</key>");
expect(plist).toContain("<true/>");
expect(plist).not.toContain("<key>SuccessfulExit</key>");
expect(plist).toContain("<key>ThrottleInterval</key>");
expect(plist).toContain(`<integer>${LAUNCH_AGENT_THROTTLE_INTERVAL_SECONDS}</integer>`);
expect(plist).toContain("<key>Umask</key>");
expect(plist).toContain(`<integer>${LAUNCH_AGENT_UMASK_DECIMAL}</integer>`);
expect(plist).toContain("<key>ThrottleInterval</key>");
expect(plist).toContain(`<integer>${LAUNCH_AGENT_THROTTLE_INTERVAL_SECONDS}</integer>`);
});
it("restarts LaunchAgent with bootout-bootstrap-kickstart order", async () => {