From 159dc6867ba71db5915b8f9737f089f1c7cc55d1 Mon Sep 17 00:00:00 2001 From: Petr Menšík Date: Jun 27 2018 16:29:15 +0000 Subject: Make named home writeable (#1422680) Signed-off-by: Petr Menšík (cherry picked from commit 0188ce47c6ecbbd371bef5ca1a8e8d946987c903)
---
diff --git a/bind.spec b/bind.spec
index d0665df..b83b918 100644
--- a/bind.spec
+++ b/bind.spec
@@ -26,7 +26,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name: bind
 License: MPLv2.0
 Version: 9.11.3
-Release: 4%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
+Release: 5%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
 Epoch: 32
 Url: http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -69,7 +69,6 @@ Patch102:bind-95-rh452060.patch
 Patch106:bind93-rh490837.patch
 Patch109:bind97-rh478718.patch
 Patch112:bind97-rh645544.patch
-Patch119:bind97-rh693982.patch
 Patch130:bind-9.9.1-P2-dlz-libdb.patch
 Patch131:bind-9.9.1-P2-multlib-conflict.patch
 Patch133:bind99-rh640538.patch
@@ -110,6 +109,8 @@ Obsoletes: caching-nameserver < 31:9.4.1-7.fc8
 Provides: caching-nameserver = 31:9.4.1-7.fc8
 Obsoletes: dnssec-conf < 1.27-2
 Provides: dnssec-conf = 1.27-2
+# FIXME: Enter correct version of policy changing the directory
+Conflicts: selinux-policy < 3.13.1-283.34
 BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
 BuildRequires: libidn2-devel, libxml2-devel, GeoIP-devel
 BuildRequires: systemd
@@ -376,7 +377,6 @@ This package provides a module which allows commands to be sent to rndc directly
 %patch106 -p0 -b .rh490837
 %patch109 -p1 -b .rh478718
 %patch112 -p1 -b .rh645544
-%patch119 -p1 -b .rh693982
 %patch130 -p1 -b .libdb
 %patch131 -p1 -b .multlib-conflict
 %patch140 -p1 -b .rh1410433
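Review bot: The `Conflicts: selinux-policy < 3.13.1-283.34` line added in the `@@ -110,6 +109,8 @@` hunk still carries `# FIXME: Enter correct version of policy changing the directory`, so by the author's own comment the version bound is unconfirmed. If the bound is too low, the package can install next to a policy that presumably still denies named writes to its home directory. Because Patch119 is dropped in this same commit, the "the working directory is not writable" message would then presumably be logged at error level again instead of debug. Confirm which policy build carries the change and replace the FIXME with a comment naming it, for example `# selinux-policy >= <CONFIRMED-VERSION> allows named to write to its home directory`.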
@@ -879,19 +879,20 @@ rm -rf ${RPM_BUILD_ROOT}
 # Hide configuration
 %defattr(0640,root,named,0750)
 %dir %{_sysconfdir}/named
-%dir %{_localstatedir}/named
 %config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
 %config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
-%config %verify(not link) %{_localstatedir}/named/named.ca
-%config %verify(not link) %{_localstatedir}/named/named.localhost
-%config %verify(not link) %{_localstatedir}/named/named.loopback
-%config %verify(not link) %{_localstatedir}/named/named.empty
+%defattr(0660,root,named,01770)
+%dir %{_localstatedir}/named
 %defattr(0660,named,named,0770)
 %dir %{_localstatedir}/named/slaves
 %dir %{_localstatedir}/named/data
 %dir %{_localstatedir}/named/dynamic
 %ghost %{_localstatedir}/log/named.log
 %defattr(0640,root,named,0750)
+%config %verify(not link) %{_localstatedir}/named/named.ca
+%config %verify(not link) %{_localstatedir}/named/named.localhost
+%config %verify(not link) %{_localstatedir}/named/named.loopback
+%config %verify(not link) %{_localstatedir}/named/named.empty
 %ghost %config(noreplace) %{_sysconfdir}/rndc.key
 # ^- rndc.key now created on first install only if it does not exist
 %ghost %config(noreplace) %{_sysconfdir}/rndc.conf
@@ -1027,12 +1028,13 @@ rm -rf ${RPM_BUILD_ROOT}
 %dir %{chroot_prefix}/etc/crypto-policies/back-ends
 %dir %{chroot_prefix}/var
 %dir %{chroot_prefix}/run
-%dir %{chroot_prefix}/var/named
 %ghost %config(noreplace) %{chroot_prefix}/etc/named.conf
 %defattr(-,root,root,-)
 %dir %{chroot_prefix}/usr
 %dir %{chroot_prefix}/%{_libdir}
 %dir %{chroot_prefix}/%{_libdir}/bind
+%defattr(0660,root,named,01770)
+%dir %{chroot_prefix}/var/named
 %defattr(0660,named,named,0770)
 %dir %{chroot_prefix}/var/tmp
 %dir %{chroot_prefix}/var/log
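Review bot: The new `%defattr(0660,root,named,01770)` above `%dir %{_localstatedir}/named` has no comment explaining why the mode is 01770 rather than 0770. Once the directory is group-writable, the sticky bit is the only thing that stops the named account from removing or renaming the root-owned `named.ca`, `named.localhost`, `named.loopback` and `named.empty`. I would add a line above it such as `# 01770: named may create files here; the sticky bit keeps it from replacing root-owned files`, and the same line above the chroot entry in the `@@ -1027,12 +1028,13 @@` hunk and the sdb-chroot entry in the `@@ -1060,8 +1062,9 @@` hunk. The new pair is also placed differently in the two chroot lists (after `%dir .../%{_libdir}/bind` in one, before `%defattr(-,root,root,-)` in the other); using the same position in both would make the lists easier to audit. The `%files` lists start and end outside these hunks.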
@@ -1060,8 +1062,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %dir %{chroot_sdb_prefix}/etc/crypto-policies/back-ends
 %dir %{chroot_sdb_prefix}/var
 %dir %{chroot_sdb_prefix}/run
-%dir %{chroot_sdb_prefix}/var/named
 %ghost %config(noreplace) %{chroot_sdb_prefix}/etc/named.conf
+%defattr(0660,root,named,01770)
+%dir %{chroot_sdb_prefix}/var/named
 %defattr(-,root,root,-)
 %dir %{chroot_sdb_prefix}/usr
 %dir %{chroot_sdb_prefix}/%{_libdir}
@@ -1139,6 +1142,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{python3_sitelib}/isc/
 %changelog
+* Fri May 25 2018 Petr Menšík - 32:9.11.3-5
+- Make named home writeable (#1422680)
+
 * Thu Apr 05 2018 Petr Menšík - 32:9.11.3-4
 - Do not link libidn2 to all libraries (#1098783)
 - Update named.ca
diff --git a/bind97-rh693982.patch b/bind97-rh693982.patch
deleted file mode 100644
index 0e73764..0000000
--- a/bind97-rh693982.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-diff --git a/bin/named/server.c b/bin/named/server.c
-index 20a6e31..dececd5 100644
---- a/bin/named/server.c
-+++ b/bin/named/server.c
-@@ -8126,15 +8126,6 @@ load_configuration(const char *filename, ns_server_t *server,
- ns_os_changeuser();
- }
-
-- /*
-- * Check that the working directory is writable.
-- */
-- if (!isc_file_isdirwritable(".")) {
-- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-- NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
-- "the working directory is not writable");
-- }
--
- #ifdef HAVE_LMDB
- /*
- * Reopen NZD databases.
-@@ -8209,6 +8200,15 @@ load_configuration(const char *filename, ns_server_t *server,
- "config file");
- }
-
-+ /*
-+ * Check that the working directory is writable.
-+ */
-+ if (!isc_file_isdirwritable(".")) {
-+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-+ NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
-+ "the working directory is not writable");
-+ }
-+
- /*
- * Set the default value of the query logging flag depending
- * whether a "queries" category has been defined. This is