diff --git a/core/models/BaseProfile.py b/core/models/BaseProfile.py index cf1f65a..228ec6a 100644 --- a/core/models/BaseProfile.py +++ b/core/models/BaseProfile.py @@ -112,7 +112,7 @@ class BaseProfile(ABC): with open(self.get_wireguard_configuration_path(), 'r') as file: return file.read() - except FileNotFoundError: + except (FileNotFoundError, PermissionError): return None def address_security_incident(self): @@ -127,8 +127,19 @@ class BaseProfile(ABC): incident_path = Path(tempfile.mkdtemp(dir=incident_data_path, prefix='')) incident_wireguard_configuration_path = f'{incident_path}/{wireguard_configuration_path.name}' - shutil.copy2(wireguard_configuration_path, incident_wireguard_configuration_path) - os.chmod(incident_wireguard_configuration_path, 0o664) + try: + + shutil.copy2(wireguard_configuration_path, incident_wireguard_configuration_path) + os.chmod(incident_wireguard_configuration_path, 0o644) + + except (FileNotFoundError, PermissionError): + + if incident_path.is_dir(): + + incident_path_contents = incident_path.iterdir() + + if not any(incident_path_contents): + incident_path.rmdir() def _get_dirty_keys(self: Self): diff --git a/core/models/system/SystemProfile.py b/core/models/system/SystemProfile.py index 9ad387a..28fe0e9 100644 --- a/core/models/system/SystemProfile.py +++ b/core/models/system/SystemProfile.py @@ -40,7 +40,7 @@ class SystemProfile(BaseProfile): while not wireguard_configuration_is_attached and failed_attempt_count < 3: - process = subprocess.Popen(('pkexec', 'install', '-D', wireguard_configuration_file_backup_path, self.get_wireguard_configuration_path(), '-o', 'root', '-m', '210')) + process = subprocess.Popen(('pkexec', 'install', '-D', wireguard_configuration_file_backup_path, self.get_wireguard_configuration_path(), '-o', 'root', '-m', '744')) wireguard_configuration_is_attached = not bool(os.waitpid(process.pid, 0)[1] >> 8) if not wireguard_configuration_is_attached: