From a9c6a94b998e8efc4b9d520648327cd43c6a0313 Mon Sep 17 00:00:00 2001 From: Simone Caronni Date: Tue, 6 Dec 2011 09:48:33 +0100 Subject: [PATCH] Add POSIX.1e capabilities to bacula-fd --- bacula-dir.service | 2 +- bacula-fd.service | 2 +- bacula-fd.sysconfig | 6 ++++++ bacula-sd.service | 2 +- bacula.spec | 10 ++++++++-- 5 files changed, 17 insertions(+), 5 deletions(-) diff --git a/bacula-dir.service b/bacula-dir.service index b3fecaa..432c925 100644 --- a/bacula-dir.service +++ b/bacula-dir.service @@ -7,7 +7,7 @@ After=network.target Environment=CONFIG=/etc/bacula/bacula-dir.conf EnvironmentFile=-/etc/sysconfig/bacula-dir ExecStartPre=/usr/sbin/bacula-checkconf $CONFIG -ExecStart=/usr/sbin/bacula-dir -f -c $CONFIG -u $DIR_USER -g $DIR_GROUP +ExecStart=/usr/sbin/bacula-dir -f $OPTS -c $CONFIG -u $DIR_USER -g $DIR_GROUP StandardOutput=syslog Restart=always diff --git a/bacula-fd.service b/bacula-fd.service index abd9e66..608c923 100644 --- a/bacula-fd.service +++ b/bacula-fd.service @@ -7,7 +7,7 @@ After=network.target Environment=CONFIG=/etc/bacula/bacula-fd.conf EnvironmentFile=-/etc/sysconfig/bacula-fd ExecStartPre=/usr/sbin/bacula-checkconf $CONFIG -ExecStart=/usr/sbin/bacula-fd -f -c $CONFIG -u $FD_USER -g $FD_GROUP +ExecStart=/usr/sbin/bacula-fd -f $OPTS -c $CONFIG -u $FD_USER -g $FD_GROUP IOSchedulingClass=idle StandardOutput=syslog Restart=always diff --git a/bacula-fd.sysconfig b/bacula-fd.sysconfig index 2476fec..68dfb1e 100644 --- a/bacula-fd.sysconfig +++ b/bacula-fd.sysconfig @@ -4,3 +4,9 @@ FD_USER=root FD_GROUP=root +# Set the following options if you want to run bacula-fd with ReadAll +# capabilities after UID/GID switch. +# This allows the File Daemon to keep root read but drop write permission. +# OPTS="-k" +# FD_USER="bacula" +# FD_GROUP="bacula" diff --git a/bacula-sd.service b/bacula-sd.service index 19847f0..d32bee3 100644 --- a/bacula-sd.service +++ b/bacula-sd.service @@ -7,7 +7,7 @@ After=network.target Environment=CONFIG=/etc/bacula/bacula-sd.conf EnvironmentFile=-/etc/sysconfig/bacula-sd ExecStartPre=/usr/sbin/bacula-checkconf $CONFIG -ExecStart=/usr/sbin/bacula-sd -f -c $CONFIG -u $SD_USER -g $SD_GROUP +ExecStart=/usr/sbin/bacula-sd -f $OPTS -c $CONFIG -u $SD_USER -g $SD_GROUP StandardOutput=syslog Restart=always diff --git a/bacula.spec b/bacula.spec index 7c2969f..d8d87a9 100644 --- a/bacula.spec +++ b/bacula.spec @@ -1,6 +1,6 @@ Name: bacula Version: 5.2.2 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Cross platform network backup for Linux, Unix, Mac and Windows # See LICENSE for details License: GPLv2 with exceptions @@ -35,7 +35,7 @@ BuildRequires: libstdc++-devel, libxml2-devel, zlib-devel BuildRequires: mysql-devel, postgresql-devel, sqlite-devel BuildRequires: desktop-file-utils, python-devel, lzo-devel, sed BuildRequires: libacl-devel, latex2html, tetex-latex, tetex, ghostscript -BuildRequires: readline-devel +BuildRequires: readline-devel, libcap-devel %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 BuildRequires: qt4-devel >= 4.6.2 @@ -817,6 +817,12 @@ fi %changelog +* Tue Dec 06 2011 Simone Caronni - 5.2.2-7 +- Added libcap for POSIX.1e capabilities in bacula-fd (5.0.0 feature). +- Allow systemd files to read options set in the sysconfig + configuration files like SysV scripts to enable capabilities. +- Set capabilities as optional for now. + * Mon Dec 05 2011 Simone Caronni - 5.2.2-6 - Removed leftover files and small rpmlint fixes. - Additional file moves between packages.