diff options
| author | Timothy Redaelli <tredaelli@redhat.com> | 2018-05-23 15:46:32 +0200 |
|---|---|---|
| committer | Ben Pfaff <blp@ovn.org> | 2018-05-23 13:20:53 -0700 |
| commit | 3f556d66edb9609590d935ad74cf89bd57423ecb (patch) | |
| tree | 786b996597b45864494ab1ac85c4470f6f50d5b7 /rhel | |
| parent | 732965bc7d87bf68dce91b46ad2478dce399dc98 (diff) | |
| download | openvswitch-3f556d66edb9609590d935ad74cf89bd57423ecb.tar.gz | |
rhel: Use openvswitch user/group for the log directory
Commit 94cd8383e297 ("rhel: fix log directory permissions") restored the
old 755 permission on /var/log/openvswitch and this can result in the
exposure of sensitive information.
Since commit f624bf23b62a ("rhel: user/group openvswitch does not exist")
moved the user/group creations in %pre phase it's now possible to change
/var/log/openvswitch user/group to openvswitch:openvswitch and remove
the r/x bits for other again without having the "permission denied"
error when the logs are rotated.
CC: Aaron Conole <aconole@redhat.com>
Fixes: 94cd8383e297 ("rhel: fix log directory permissions")
Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Reviewed-by: Markos Chandras <mchandras@suse.de>
Diffstat (limited to 'rhel')
| -rw-r--r-- | rhel/openvswitch-fedora.spec.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in index 9462ce236..64a87a793 100644 --- a/rhel/openvswitch-fedora.spec.in +++ b/rhel/openvswitch-fedora.spec.in @@ -591,7 +591,7 @@ fi %endif %doc NOTICE README.rst NEWS rhel/README.RHEL.rst /var/lib/openvswitch -%attr(755,-,-) /var/log/openvswitch +%attr(750,openvswitch,openvswitch) /var/log/openvswitch %ghost %attr(755,root,root) %{_rundir}/openvswitch %files ovn-docker |