Red Hat Bugzilla – Attachment 936989 Details for Bug 1141263: [RFE] more pluggable way of setting pesign permissions
add code for behavior
0001-A-more-plugable-way-of-setting-ACLs-for-pesign.patch (text/plain), 2.79 KB, created by Pat Riehecky on 2014-09-12 14:44:38 UTC
>From 05e409bb253381daa2267e080db6e6c8134ab343 Mon Sep 17 00:00:00 2001 >From: Pat Riehecky <riehecky@fnal.gov> >Date: Fri, 12 Sep 2014 09:37:07 -0500 >Subject: [PATCH] A more plugable way of setting ACLs for pesign > >--- > src/pesign-authorize-groups | 17 +++++++++++++++++ > src/pesign-authorize-users | 17 +++++++++++++++++ > src/pesign.service | 2 ++ > src/pesign.sysvinit | 6 ++---- > 4 files changed, 38 insertions(+), 4 deletions(-) > create mode 100644 src/pesign-authorize-groups > create mode 100644 src/pesign-authorize-users > >diff --git a/src/pesign-authorize-groups b/src/pesign-authorize-groups >new file mode 100644 >index 0000000..1048904 >--- /dev/null >+++ b/src/pesign-authorize-groups >@@ -0,0 +1,17 @@ >+#!/bin/bash >+ >+# >+# With /run/pesign/socket on tmpfs, a simple way of restoring the >+# acls for specific groups is useful >+# >+# Compare to: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/bkernel/tasks/main.yml?id=17198dadebf59d8090b7ed621bc8ab22152d2eb6 >+# >+ >+# License: GPLv2 >+ >+if [[ -r /etc/pesign/authorize-groups ]]; then >+ for group in $(cat /etc/pesign/authorize-groups); do >+ setfacl -m g:${group}:rx /var/run/pesign >+ setfacl -m g:${group}:rw /var/run/pesign/socket >+ done >+fi >diff --git a/src/pesign-authorize-users b/src/pesign-authorize-users >new file mode 100644 >index 0000000..1993570 >--- /dev/null >+++ b/src/pesign-authorize-users >@@ -0,0 +1,17 @@ >+#!/bin/bash >+ >+# >+# With /run/pesign/socket on tmpfs, a simple way of restoring the >+# acls for specific users is useful >+# >+# Compare to: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/bkernel/tasks/main.yml?id=17198dadebf59d8090b7ed621bc8ab22152d2eb6 >+# >+ >+# License: GPLv2 >+ >+if [[ -r /etc/pesign/authorize-users ]]; then >+ for username in $(cat /etc/pesign/authorize-users); do >+ setfacl -m u:${username}:rx /var/run/pesign >+ setfacl -m u:${username}:rw /var/run/pesign/socket >+ done >+fi 
>diff --git a/src/pesign.service b/src/pesign.service >index 75a73c3..d6a412e 100644 >--- a/src/pesign.service >+++ b/src/pesign.service >@@ -6,3 +6,5 @@ PrivateTmp=true > Type=forking > PIDFile=/var/run/pesign.pid > ExecStart=/usr/bin/pesign --daemonize >+ExecStartPost=/usr/sbin/pesign-authorize-users >+ExecStartPost=/usr/sbin/pesign-authorize-groups >diff --git a/src/pesign.sysvinit b/src/pesign.sysvinit >index ea37c58..6f20560 100644 >--- a/src/pesign.sysvinit >+++ b/src/pesign.sysvinit >@@ -24,10 +24,8 @@ start(){ > RETVAL=$? > echo > touch /var/lock/subsys/pesign >- setfacl -m u:kojibuilder:x /var/run/pesign >- setfacl -m u:kojibuilder:rw /var/run/pesign/socket >- setfacl -m g:kojibuilder:x /var/run/pesign >- setfacl -m g:kojibuilder:rw /var/run/pesign/socket >+ /usr/sbin/pesign-authorize-users >+ /usr/sbin/pesign-authorize-groups > } > > stop(){ >-- >1.7.1 >
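Review bot: In src/pesign-authorize-groups, the loop `for group in $(cat /etc/pesign/authorize-groups)` word-splits and glob-expands the file contents, and `${group}` reaches setfacl unquoted, so an entry containing `*` or `?` is expanded against the current directory before setfacl sees it. Read the file line by line with `while IFS= read -r group`, skip blank lines and `#` comments, and quote the argument as `"g:${group}:rx"`. The return value of each setfacl is also ignored: a misspelled group in the middle of the list is silently skipped, while one on the last line becomes the script's exit status. Track failures explicitly and exit non-zero if any entry could not be applied.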
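Review bot: In src/pesign-authorize-users, the only check on /etc/pesign/authorize-users is `-r`, yet every name in that file is granted rw on /var/run/pesign/socket, which is access to the signing daemon. Before acting on the file, confirm it is a regular file owned by root and not writable by group or others, and document the expected ownership and mode. The `for username in $(cat ...)` loop has the same word-splitting and globbing behaviour as any unquoted command substitution, so read the file line by line and quote `"u:${username}:rw"`. The header comment refers to /run/pesign/socket while the commands use /var/run/pesign; use one path throughout. Since this script differs from pesign-authorize-groups only in the `u:`/`g:` prefix and the file name, a single script taking that as an argument would avoid keeping two copies in sync.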
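Review bot: In src/pesign.service, the two `ExecStartPost=` lines call /usr/sbin/pesign-authorize-users and /usr/sbin/pesign-authorize-groups, but both scripts are added under src/ with mode 100644 and the diffstat lists only four files, so nothing in this patch installs them to /usr/sbin or makes them executable. Add the install rule with mode 0755 to the same patch. A non-zero exit from an `ExecStartPost=` command marks the unit as failed, so decide whether a bad entry in the authorize files should take the daemon down; if not, prefix the commands with `-` and log the failure from the script instead.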
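Review bot: In start() of src/pesign.sysvinit, the four hard-coded kojibuilder setfacl lines are removed and the patch ships no default /etc/pesign/authorize-users or /etc/pesign/authorize-groups, so after an upgrade kojibuilder loses access to the socket until an administrator creates those files. Ship default files containing kojibuilder or document the migration step. The removed lines granted `x` on /var/run/pesign while the new scripts grant `rx`, which additionally lets authorized accounts list the directory; keep `x` unless read access is actually needed, and say so in the commit message if it is. The two script calls also come after `RETVAL=$?`, so their exit status never reaches the caller.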