From e3e7bad0ce46690ac984a59fcdab9676ea3c3fda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr>
Date: Thu, 25 Jan 2024 10:39:33 +0100
Subject: [PATCH] Use install to setup permissions directly

---
 audit.spec | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/audit.spec b/audit.spec
index 804f354..113f191 100644
--- a/audit.spec
+++ b/audit.spec
@@ -158,17 +158,15 @@ if [ "$files" -eq 0 ] ; then
 	echo "No rules detected, adding default"
 %if 0%{?rhel}
 	if [ -e %{_datadir}/%{name}-rules/10-base-config.rules ] ; then
-		cp %{_datadir}/%{name}-rules/10-base-config.rules /etc/audit/rules.d/audit.rules
+		install -m 0600 -u 0 -g 0 -p %{_datadir}/%{name}-rules/10-base-config.rules /etc/audit/rules.d/audit.rules
 %else
 	# FESCO asked for audit to be off by default. #1117953
 	if [ -e %{_datadir}/%{name}-rules/10-no-audit.rules ] ; then
-	        cp %{_datadir}/%{name}-rules/10-no-audit.rules /etc/audit/rules.d/audit.rules
+        install -m 0600 -u 0 -g 0 -p %{_datadir}/%{name}-rules/10-no-audit.rules /etc/audit/rules.d/audit.rules
 %endif
 	else
-		touch /etc/audit/rules.d/audit.rules
+		install -m 0600 -u 0 -g 0 /dev/null /etc/audit/rules.d/audit.rules
 	fi
-	# Fix up permissions
-	chmod 0600 /etc/audit/rules.d/audit.rules
 	# Make the new rules active
 	augenrules --load || true
 fi