Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 1485216 Details for
Bug 1569466
named: /var/named does not allow writing temporary files by daemon
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Fix when selinux-policy-targeted is missing
0001-Fix-setboolean-and-allow-readonly-home-again.patch (text/plain), 3.55 KB, created by
Petr Menšík
on 2018-09-20 16:30:34 UTC
(
hide
)
Description:
Fix when selinux-policy-targeted is missing
Filename:
MIME Type:
Creator:
Petr Menšík
Created:
2018-09-20 16:30:34 UTC
Size:
3.55 KB
patch
obsolete
>From 9b41d3c16bf4cab803adb46cc303a8f7e49d476c Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com> >Date: Thu, 20 Sep 2018 18:20:46 +0200 >Subject: [PATCH] Fix setboolean and allow readonly home again > >Required setsebool is not correctly set if selinux-policy-* is not >installed yet at that time. Use posttrans to avoid that. Fix also >disabling on upgrade. > >Apply back original patch allowing running in read-only mode as safe >fallback in case it did not work anyway. >--- > bind.spec | 20 +++++++++++++++++--- > bind97-rh693982.patch | 36 ++++++++++++++++++++++++++++++++++++ > 2 files changed, 53 insertions(+), 3 deletions(-) > create mode 100644 bind97-rh693982.patch > >diff --git a/bind.spec b/bind.spec >index 53e448b..39625e7 100644 >--- a/bind.spec >+++ b/bind.spec >@@ -79,6 +79,7 @@ Patch109:bind97-rh478718.patch > Patch110:bind97-rh570851.patch > Patch111:bind97-exportlib.patch > Patch112:bind97-rh645544.patch >+Patch119:bind97-rh693982.patch > Patch123:bind98-rh735103.patch > Patch124:bind93-rh726120.patch > # FIXME: This disables dlzexternal, which I will enable later again >@@ -423,6 +424,7 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz> > %patch110 -p1 -b .rh570851 > %patch111 -p1 -b .exportlib > %patch112 -p1 -b .rh645544 >+%patch119 -p1 -b .rh693982 > %patch123 -p1 -b .rh735103 > %patch124 -p1 -b .rh726120 > %patch127 -p1 -b .forward >@@ -803,7 +805,11 @@ fi; > > %post > /sbin/ldconfig >-%selinux_set_booleans %{selinuxbooleans} >+if [ "$1" -gt 1 ]; then >+ # On upgrade postun service is restarted. >+ # Ensure boolean is set before that, do not wait for posttrans >+ %selinux_set_booleans %{selinuxbooleans} >+fi > if [ "$1" -eq 1 ]; then > # Initial installation > [ -x /sbin/restorecon ] && /sbin/restorecon /etc/rndc.* /etc/named.* >/dev/null 2>&1 ; >@@ -825,9 +831,17 @@ fi > > %postun > /sbin/ldconfig >-# Package upgrade, not uninstall >+if [ $1 -eq 0 ]; then >+ %selinux_unset_booleans %{selinuxbooleans} >+fi > %systemd_postun_with_restart named.service >-%selinux_unset_booleans %{selinuxbooleans} >+ >+%posttrans >+# selinux-policy-{targeted,mls,minimal} is required! >+# however nobody depends on them explicitly, they should be installed after >+# selinux-policy in the same transaction. Leave booleans after all packages >+# were installed >+%selinux_set_booleans %{selinuxbooleans} > > %if %{SDB} > %post sdb >diff --git a/bind97-rh693982.patch b/bind97-rh693982.patch >new file mode 100644 >index 0000000..0e73764 >--- /dev/null >+++ b/bind97-rh693982.patch >@@ -0,0 +1,36 @@ >+diff --git a/bin/named/server.c b/bin/named/server.c >+index 20a6e31..dececd5 100644 >+--- a/bin/named/server.c >++++ b/bin/named/server.c >+@@ -8126,15 +8126,6 @@ load_configuration(const char *filename, ns_server_t *server, >+ ns_os_changeuser(); >+ } >+ >+- /* >+- * Check that the working directory is writable. >+- */ >+- if (!isc_file_isdirwritable(".")) { >+- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, >+- NS_LOGMODULE_SERVER, ISC_LOG_ERROR, >+- "the working directory is not writable"); >+- } >+- >+ #ifdef HAVE_LMDB >+ /* >+ * Reopen NZD databases. >+@@ -8209,6 +8200,15 @@ load_configuration(const char *filename, ns_server_t *server, >+ "config file"); >+ } >+ >++ /* >++ * Check that the working directory is writable. >++ */ >++ if (!isc_file_isdirwritable(".")) { >++ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, >++ NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1), >++ "the working directory is not writable"); >++ } >++ >+ /* >+ * Set the default value of the query logging flag depending >+ * whether a "queries" category has been defined. This is >-- >2.14.4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1485216">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
pzhukov
: review+
Actions:
View
|
Diff
Attachments on
bug 1569466
: 1485216