Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure that resolved.conf.d is accessible #5156

Closed
wants to merge 2 commits into from
Closed

Ensure that resolved.conf.d is accessible #5156

wants to merge 2 commits into from

Conversation

tiran
Copy link
Member

@tiran tiran commented Sep 28, 2020
edited
Loading

systemd-resolved runs as user systemd-resolve. Ensure that
resolved.conf.d drop-in directory is accessible when installer runs with
restricted umask. Also ensure the file and directory has correct SELinux
context.

The parent directory /etc/systemd exists on all platforms.

Also backup DNS config drop-ins

Fixes: https://pagure.io/freeipa/issue/8275
Signed-off-by: Christian Heimes cheimes@redhat.com

@tiran tiran added prioritized Pull Request has higher priority for PR-CI needs review Pull Request is waiting for a review ipa-4-8 Mark for backport to ipa 4.8 labels Sep 28, 2020
@abbra
Copy link
Contributor

abbra commented Sep 28, 2020

LGTM.

@tiran
Ensure that resolved.conf.d is accessible
22b929c 
systemd-resolved runs as user systemd-resolve. Ensure that
resolved.conf.d drop-in directory is accessible when installer runs with
restricted umask. Also ensure the file and directory has correct SELinux
context.

The parent directory /etc/systemd exists on all platforms.

Fixes: https://pagure.io/freeipa/issue/8275
Signed-off-by: Christian Heimes <cheimes@redhat.com>
@tiran
Also backup DNS config drop-ins
4566d1a 
/etc/NetworkManager/conf.d and /etc/systemd/resolved.conf.d drop-in
files were not backed up.

Related: https://pagure.io/freeipa/issue/8275
Signed-off-by: Christian Heimes <cheimes@redhat.com>
@tiran tiran force-pushed the issue8275_resolved_permission branch from b911f85 to 4566d1a Compare September 28, 2020 10:30
@abbra abbra added ack Pull Request approved, can be merged and removed needs review Pull Request is waiting for a review labels Sep 28, 2020
@tiran tiran added the pushed Pull Request has already been pushed label Sep 28, 2020
@tiran
Copy link
Member Author

tiran commented Sep 28, 2020

master:

  • 34e4777 Ensure that resolved.conf.d is accessible
  • ced1dcb Also backup DNS config drop-ins

@tiran tiran closed this Sep 28, 2020
@tiran tiran mentioned this pull request Sep 28, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
ack Pull Request approved, can be merged ipa-4-8 Mark for backport to ipa 4.8 prioritized Pull Request has higher priority for PR-CI pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
2 participants
@tiran @abbra