From 0188ce47c6ecbbd371bef5ca1a8e8d946987c903 Mon Sep 17 00:00:00 2001
From: Petr Menšík
Date: Jun 08 2018 13:07:18 +0000
Subject: Make named home writeable (#1422680)

Signed-off-by: Petr Menšík
---

diff --git a/bind.spec b/bind.spec
index a35a6f3..2f438bb 100644
--- a/bind.spec
+++ b/bind.spec
@@ -44,7 +44,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: MPLv2.0
 Version: 9.11.3
-Release: 8%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release: 9%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
 Epoch: 32
 Url: http://www.isc.org/products/BIND/
 #
@@ -86,7 +86,6 @@ Patch102:bind-95-rh452060.patch
 Patch106:bind93-rh490837.patch
 Patch109:bind97-rh478718.patch
 Patch112:bind97-rh645544.patch
-Patch119:bind97-rh693982.patch
 Patch130:bind-9.9.1-P2-dlz-libdb.patch
 Patch131:bind-9.9.1-P2-multlib-conflict.patch
 Patch133:bind99-rh640538.patch
@@ -135,6 +134,8 @@ Provides: caching-nameserver = 31:9.4.1-7.fc8
 Obsoletes: dnssec-conf < 1.27-2
 Provides: dnssec-conf = 1.27-2
 BuildRequires: gcc, make
+# FIXME: Enter correct version of policy changing the directory
+Conflicts: selinux-policy < 3.13.1-283.34
 BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
 BuildRequires: libidn2-devel, libxml2-devel, GeoIP-devel
 BuildRequires: systemd
@@ -430,7 +431,6 @@ are used for building ISC DHCP.
 %patch106 -p0 -b .rh490837
 %patch109 -p1 -b .rh478718
 %patch112 -p1 -b .rh645544
-%patch119 -p1 -b .rh693982
 %patch130 -p1 -b .libdb
 %patch131 -p1 -b .multlib-conflict
 %patch140 -p1 -b .rh1410433
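Review bot: The `Conflicts: selinux-policy < 3.13.1-283.34` line added in the `@@ -135,6 +134,8 @@` hunk still carries its own `# FIXME: Enter correct version of policy changing the directory`, so the version bound is, by the author's own comment, unconfirmed. If the policy change actually shipped in a later build, hosts with an older policy could still install this package, and named would presumably be allowed to write by the file mode while SELinux still denies it. Confirm which selinux-policy build permits writes to the named working directory, set that version and drop the FIXME before release. The tag would also read better next to the `Provides:`/`Obsoletes:` lines than between two `BuildRequires:` lines.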
@@ -1105,19 +1105,20 @@ rm -rf ${RPM_BUILD_ROOT}
 # Hide configuration
 %defattr(0640,root,named,0750)
 %dir %{_sysconfdir}/named
-%dir %{_localstatedir}/named
 %config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
 %config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
-%config %verify(not link) %{_localstatedir}/named/named.ca
-%config %verify(not link) %{_localstatedir}/named/named.localhost
-%config %verify(not link) %{_localstatedir}/named/named.loopback
-%config %verify(not link) %{_localstatedir}/named/named.empty
+%defattr(0660,root,named,01770)
+%dir %{_localstatedir}/named
 %defattr(0660,named,named,0770)
 %dir %{_localstatedir}/named/slaves
 %dir %{_localstatedir}/named/data
 %dir %{_localstatedir}/named/dynamic
 %ghost %{_localstatedir}/log/named.log
 %defattr(0640,root,named,0750)
+%config %verify(not link) %{_localstatedir}/named/named.ca
+%config %verify(not link) %{_localstatedir}/named/named.localhost
+%config %verify(not link) %{_localstatedir}/named/named.loopback
+%config %verify(not link) %{_localstatedir}/named/named.empty
 %ghost %config(noreplace) %{_sysconfdir}/rndc.key
 # ^- rndc.key now created on first install only if it does not exist
 %ghost %config(noreplace) %{_sysconfdir}/rndc.conf
@@ -1254,12 +1255,13 @@ rm -rf ${RPM_BUILD_ROOT}
 %dir %{chroot_prefix}/etc/crypto-policies/back-ends
 %dir %{chroot_prefix}/var
 %dir %{chroot_prefix}/run
-%dir %{chroot_prefix}/var/named
 %ghost %config(noreplace) %{chroot_prefix}/etc/named.conf
 %defattr(-,root,root,-)
 %dir %{chroot_prefix}/usr
 %dir %{chroot_prefix}/%{_libdir}
 %dir %{chroot_prefix}/%{_libdir}/bind
+%defattr(0660,root,named,01770)
+%dir %{chroot_prefix}/var/named
 %defattr(0660,named,named,0770)
 %dir %{chroot_prefix}/var/tmp
 %dir %{chroot_prefix}/var/log
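Review bot: Nothing in the `@@ -1105,19 +1105,20 @@` hunk records why `%{_localstatedir}/named` becomes root:named with mode `01770`, and the same unexplained `%defattr(0660,root,named,01770)` recurs for the chroot directories in the `@@ -1254,12 +1255,13 @@` and `@@ -1287,8 +1289,9 @@` hunks. The sticky bit is what stops the named account from removing or renaming root-owned files in the now group-writable directory, so a later "cleanup" to `0770` would quietly widen what a compromised daemon can alter. I would add a comment above each of these lines, for example `# 01770: named may create files here; the sticky bit keeps it from deleting or replacing root-owned ones`. Since the override covers a single `%dir`, `%attr(01770,root,named) %dir %{_localstatedir}/named` would also avoid switching `%defattr` for one entry.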
@@ -1287,8 +1289,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %dir %{chroot_sdb_prefix}/etc/crypto-policies/back-ends
 %dir %{chroot_sdb_prefix}/var
 %dir %{chroot_sdb_prefix}/run
-%dir %{chroot_sdb_prefix}/var/named
 %ghost %config(noreplace) %{chroot_sdb_prefix}/etc/named.conf
+%defattr(0660,root,named,01770)
+%dir %{chroot_sdb_prefix}/var/named
 %defattr(-,root,root,-)
 %dir %{chroot_sdb_prefix}/usr
 %dir %{chroot_sdb_prefix}/%{_libdir}
@@ -1396,6 +1399,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %changelog
+* Fri May 25 2018 Petr Menšík - 32:9.11.3-9
+- Make named home writeable (#1422680)
+
 * Fri May 25 2018 Petr Menšík - 32:9.11.3-8
 - Require C++ on build when shipped atf library is used
diff --git a/bind97-rh693982.patch b/bind97-rh693982.patch
deleted file mode 100644
index 0e73764..0000000
--- a/bind97-rh693982.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-diff --git a/bin/named/server.c b/bin/named/server.c
-index 20a6e31..dececd5 100644
---- a/bin/named/server.c
-+++ b/bin/named/server.c
-@@ -8126,15 +8126,6 @@ load_configuration(const char *filename, ns_server_t *server,
- ns_os_changeuser();
- }
-
-- /*
-- * Check that the working directory is writable.
-- */
-- if (!isc_file_isdirwritable(".")) {
-- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-- NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
-- "the working directory is not writable");
-- }
--
- #ifdef HAVE_LMDB
- /*
- * Reopen NZD databases.
-@@ -8209,6 +8200,15 @@ load_configuration(const char *filename, ns_server_t *server,
- "config file");
- }
-
-+ /*
-+ * Check that the working directory is writable.
-+ */
-+ if (!isc_file_isdirwritable(".")) {
-+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-+ NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
-+ "the working directory is not writable");
-+ }
-+
- /*
- * Set the default value of the query logging flag depending
- * whether a "queries" category has been defined. This is