From adab34e63ac384cc73cf4b333a2cde35c9772ea6 Mon Sep 17 00:00:00 2001
From: Radon Rosborough
Date: Sat, 14 Aug 2021 14:14:02 -0700
Subject: [PATCH] Getting frontend and backend to play nice
---
 system/res/sentinel.bash | 4 +++-
 system/src/riju-system-privileged.c | 6 +++---
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/system/res/sentinel.bash b/system/res/sentinel.bash
index ab9bcd0..3a039d9 100755
--- a/system/res/sentinel.bash
+++ b/system/res/sentinel.bash
@@ -2,6 +2,8 @@
 set -euo pipefail
+umask 077
+
 while read -t2 -r cmdline; do
 cmd=(${cmdline})
 for (( i=0; i<${#cmd[@]}; i++ )); do
@@ -34,7 +36,7 @@ while read -t2 -r cmdline; do
 mkfifo "${input}" "${output}" "${status}"
 (
 set +e
- ${maybe_pty:-} runuser -u riju -- bash -c 'exec "$@"' sentinel "${args[@]}" < "${input}" &> "${output}"
+ runuser -u riju -- bash -c "exec ${maybe_pty:-} \"\$@\"" -- "${args[@]}" < "${input}" &> "${output}"
 echo "$?" > "${status}"
 ) &
 fi
diff --git a/system/src/riju-system-privileged.c b/system/src/riju-system-privileged.c
index b23f1cd..e5ca3bf 100644
--- a/system/src/riju-system-privileged.c
+++ b/system/src/riju-system-privileged.c
@@ -139,7 +139,7 @@ void session(char *uuid, char *lang, char *imageHash)
 int rv = mkdir("/var/cache/riju/shares", 0700);
 if (rv < 0 && errno != EEXIST)
 die("mkdir failed");
- rv = mkdir(share, 0700);
+ rv = mkdir(share, 0755);
 if (rv < 0)
 die("mkdir failed");
 if (asprintf(&rijuPtyPath, "%s/riju-pty", share) < 0)
@@ -147,7 +147,7 @@ void session(char *uuid, char *lang, char *imageHash)
 int fdFrom = open("/src/system/out/riju-pty", O_RDONLY);
 if (fdFrom < 0)
 die("open failed");
- int fdTo = open(rijuPtyPath, O_WRONLY | O_CREAT | O_EXCL, 0700);
+ int fdTo = open(rijuPtyPath, O_WRONLY | O_CREAT | O_EXCL, 0755);
 if (fdTo < 0)
 die("open failed");
 char buf[1024];
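Review bot: The `umask 077` added at the top of sentinel.bash (hunk -2,6) is inherited by every process the loop later starts through `runuser`, so commands run for the session will create files with that mask unless they reset it; nothing in the hunk says whether that is intended. A comment above the line would record it, for example `# keep FIFOs private; child commands inherit this umask`. Since the FIFOs are created some thirty lines further down, an explicit `mkfifo -m 600 "${input}" "${output}" "${status}"` in the second hunk would also keep their mode from depending on this distant line.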
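Review bot: In the sentinel.bash hunk at -34,7 the new `bash -c "exec ${maybe_pty:-} \"\$@\""` interpolates `maybe_pty` into the command string, so its value is parsed as shell code by the inner bash instead of being passed as data. Where `maybe_pty` is assigned is outside the hunk; if it is always a fixed single word this is harmless today, but it is fragile. Keeping the script constant and passing the wrapper as an argument avoids the re-parse: `runuser -u riju -- bash -c 'exec "$@"' -- ${maybe_pty:+"${maybe_pty}"} "${args[@]}" < "${input}" &> "${output}"` (assuming `maybe_pty` holds one command word).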
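Review bot: The modes passed to `mkdir(share, 0755)` in the hunk at -139,7 and to `open(rijuPtyPath, O_WRONLY | O_CREAT | O_EXCL, 0755)` in the hunk at -147,7 are masked by the process umask, and neither hunk sets it, so the effective permissions depend on whatever the privileged helper inherits. If the unprivileged side needs read and execute access, make it explicit with `if (chmod(share, 0755) < 0) die("chmod failed");` after the mkdir and `if (fchmod(fdTo, 0755) < 0) die("fchmod failed");` after the open. Widening the share also means isolation between sessions now rests on the 0700 parent `/var/cache/riju/shares` and on how the share is exposed, which deserves a comment such as `/* 0755 so the sandbox user can run riju-pty; parent dir stays 0700 */` if that is the intent. session() begins and ends outside both hunks.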
@@ -172,7 +172,7 @@ void session(char *uuid, char *lang, char *imageHash)
 die("asprintf failed");
 if (asprintf(&fifo, "%s/control", share) < 0)
 die("asprintf failed");
- if (mknod(fifo, 0700 | S_IFIFO, 0) < 0)
+ if (mknod(fifo, 0600 | S_IFIFO, 0) < 0)
 die("mknod failed");
 pid_t pid = fork();
 if (pid < 0)
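Review bot: `mknod(fifo, 0600 | S_IFIFO, 0)` makes the control FIFO owner-only, but the hunk does not say which uid is expected to open it, while the share directory that contains it is widened to 0755 elsewhere in this commit. A comment would record the intent, e.g. `/* control FIFO: owner-only; opened by <uid of the reader, to confirm> */`. As a style point, `mkfifo(fifo, 0600)` is the dedicated POSIX call and drops the `S_IFIFO` flag and the dummy device argument. Either way the mode is still subject to the process umask, and session() continues outside the hunk.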