Red Hat Bugzilla – Bug 1141263
[RFE] more pluggable way of setting pesign permissions
Last modified: 2017-04-11 10:01:29 EDT
Created attachment 936989 [details] add code for behavior Description of problem: The sysvinit script provided with pesign sets ACLS for the pesign/socket file for kojibuilder:kojibuilder. The systemd unit, however, does not. I've built a more general solution for both the sysvinit and systemd unit that should allow for greater flexibility and compat behavior. Version-Release number of selected component (if applicable):pesign-0.109-6.el7 How reproducible:100% Steps to Reproduce: 1.search for way to set acls under systemd unit like the sysvinit script 2.unable to locate 3. Actual results: the EPEL6 package sets ACLS for kojibuilder, but the EL7 package does not and has no provided solution Expected results: similar behavior between sysvinit script and systemd unit Additional info: Attached patches resolve Also, http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/roles/bkernel/tasks/main.yml?id=17198dadebf59d8090b7ed621bc8ab22152d2eb6
Created attachment 936990 [details] Spec file updates for previous patch
During the testing we found a mistake: there is simple patch like: chmod 0660 /etc/pki/pesign/* ; chmod 0770 /etc/pki/pesign without this change this bug is not fixed, it works the same way as it works before.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2384.html