15.2.1 cps #627

Merged
merged 2 commits into from
Oct 15, 2020

@ehelms ehelms commented Oct 15, 2020

No description provided.

The cause for this change is the correct chaining. Previously there was
no guarantee when the ACL was applied. In practice it was often done as:
File[/etc/dhcp] -> Exec[setfacl] -> File[/etc/dhcp/dhcpd.conf]

This meant the dhcpd.conf file didn't receive the ACL anyway. After
chaining to Class['dhcp'] (to guarantee all files existed) it turns out
that /etc/dhcp/dhcpd.conf would become executable. That resulted in
idempotency problems.

The Proxy needs to read dhcpd.conf, but that's guaranteed to be mode
0644 by theforeman/dhcp. Only the DHCP dir itself can have mode 0750
(owned by root:root) which is why the ACL is needed. By making it
non-recursive and done after Class[dhcp] these problems are avoided.

(cherry picked from commit 807b102)

By default this directory is set to mode 0755 on EL7, EL8, Debian 10 and
Ubuntu 18.04. Those are all the platforms we set ACLs so there's no need
to do this.

The result is that rpm -qV dhcp (on EL7) doesn't complain about
/var/lib/dhcpd being modified.

(cherry picked from commit 4854f61)
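
Why a recursive ACL turns `dhcpd.conf` executable while a directory-only ACL leaves every declared mode intact, as an added example (not code from this pull request): a small Python model of the POSIX ACL rule that, once a named-user entry exists, the group bits of the mode show the ACL mask. The `r-x` permission set and all function names are assumptions; the paths and modes are the ones in the commit message.

```python
# Constructed model, not code from the pull request. Paths and declared modes
# come from the commit message; the r-x permission set is an assumption.
DECLARED = {"/etc/dhcp": 0o750, "/etc/dhcp/dhcpd.conf": 0o644}
RX = 0o5  # assumed ACL permissions granted to the proxy user


def mode_after_named_user_acl(mode, perms):
    """Mode that stat() reports after `setfacl -m u:<user>:<perms>` on a file
    that had no extended ACL.

    setfacl recomputes the ACL mask as the union of the owning-group entry
    and all named entries, and the kernel shows that mask in the group bits.
    """
    mask = ((mode >> 3) & 0o7) | perms
    return (mode & ~0o070) | (mask << 3)


def set_acl(modes, root, perms, recursive):
    """Apply the ACL to root only, or to everything below it as well."""
    result = dict(modes)
    for path, mode in modes.items():
        if path == root or (recursive and path.startswith(root + "/")):
            result[path] = mode_after_named_user_acl(mode, perms)
    return result


def drift(modes):
    """Paths whose mode no longer matches what the manifest declares."""
    return {p: oct(m) for p, m in modes.items() if m != DECLARED[p]}


if __name__ == "__main__":
    for recursive in (True, False):
        after = set_acl(DECLARED, "/etc/dhcp", RX, recursive)
        print("recursive" if recursive else "directory only", drift(after))
```

The recursive case reports `dhcpd.conf` at 0654 against a declared 0644, which is the mismatch a file resource would correct on the next run; the directory-only case reports no drift because 0750 already carries `r-x` in its group bits.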

@ekohl ekohl left a comment

I do think this feels closer to a 15.3.0.

@ehelms ehelms merged commit ce7ac59 into theforeman:15.2-stable Oct 15, 2020
@ehelms ehelms mentioned this pull request Oct 19, 2020