Make named home writeable (#1422680)
Signed-off-by: Petr Menšík <pemensik@redhat.com>
This commit is contained in:
Petr Menšík
parent
de74eb1feb
commit
0188ce47c6
26
bind.spec
26
bind.spec
@ -44,7 +44,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
|
||||
Name: bind
|
||||
License: MPLv2.0
|
||||
Version: 9.11.3
|
||||
Release: 8%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||
Release: 9%{?PATCHVER:.%{PATCHVER}}%{?PREVER:.%{PREVER}}%{?dist}
|
||||
Epoch: 32
|
||||
Url: http://www.isc.org/products/BIND/
|
||||
#
|
||||
@ -86,7 +86,6 @@ Patch102:bind-95-rh452060.patch
|
||||
Patch106:bind93-rh490837.patch
|
||||
Patch109:bind97-rh478718.patch
|
||||
Patch112:bind97-rh645544.patch
|
||||
Patch119:bind97-rh693982.patch
|
||||
Patch130:bind-9.9.1-P2-dlz-libdb.patch
|
||||
Patch131:bind-9.9.1-P2-multlib-conflict.patch
|
||||
Patch133:bind99-rh640538.patch
|
||||
@ -135,6 +134,8 @@ Provides: caching-nameserver = 31:9.4.1-7.fc8
|
||||
Obsoletes: dnssec-conf < 1.27-2
|
||||
Provides: dnssec-conf = 1.27-2
|
||||
BuildRequires: gcc, make
|
||||
# FIXME: Enter correct version of policy changing the directory
|
||||
Conflicts: selinux-policy < 3.13.1-283.34
|
||||
BuildRequires: openssl-devel, libtool, autoconf, pkgconfig, libcap-devel
|
||||
BuildRequires: libidn2-devel, libxml2-devel, GeoIP-devel
|
||||
BuildRequires: systemd
|
||||
@ -430,7 +431,6 @@ are used for building ISC DHCP.
|
||||
%patch106 -p0 -b .rh490837
|
||||
%patch109 -p1 -b .rh478718
|
||||
%patch112 -p1 -b .rh645544
|
||||
%patch119 -p1 -b .rh693982
|
||||
%patch130 -p1 -b .libdb
|
||||
%patch131 -p1 -b .multlib-conflict
|
||||
%patch140 -p1 -b .rh1410433
|
||||
@ -1105,19 +1105,20 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
# Hide configuration
|
||||
%defattr(0640,root,named,0750)
|
||||
%dir %{_sysconfdir}/named
|
||||
%dir %{_localstatedir}/named
|
||||
%config(noreplace) %verify(not link) %{_sysconfdir}/named.conf
|
||||
%config(noreplace) %verify(not link) %{_sysconfdir}/named.rfc1912.zones
|
||||
%config %verify(not link) %{_localstatedir}/named/named.ca
|
||||
%config %verify(not link) %{_localstatedir}/named/named.localhost
|
||||
%config %verify(not link) %{_localstatedir}/named/named.loopback
|
||||
%config %verify(not link) %{_localstatedir}/named/named.empty
|
||||
%defattr(0660,root,named,01770)
|
||||
%dir %{_localstatedir}/named
|
||||
%defattr(0660,named,named,0770)
|
||||
%dir %{_localstatedir}/named/slaves
|
||||
%dir %{_localstatedir}/named/data
|
||||
%dir %{_localstatedir}/named/dynamic
|
||||
%ghost %{_localstatedir}/log/named.log
|
||||
%defattr(0640,root,named,0750)
|
||||
%config %verify(not link) %{_localstatedir}/named/named.ca
|
||||
%config %verify(not link) %{_localstatedir}/named/named.localhost
|
||||
%config %verify(not link) %{_localstatedir}/named/named.loopback
|
||||
%config %verify(not link) %{_localstatedir}/named/named.empty
|
||||
%ghost %config(noreplace) %{_sysconfdir}/rndc.key
|
||||
# ^- rndc.key now created on first install only if it does not exist
|
||||
%ghost %config(noreplace) %{_sysconfdir}/rndc.conf
|
||||
@ -1254,12 +1255,13 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%dir %{chroot_prefix}/etc/crypto-policies/back-ends
|
||||
%dir %{chroot_prefix}/var
|
||||
%dir %{chroot_prefix}/run
|
||||
%dir %{chroot_prefix}/var/named
|
||||
%ghost %config(noreplace) %{chroot_prefix}/etc/named.conf
|
||||
%defattr(-,root,root,-)
|
||||
%dir %{chroot_prefix}/usr
|
||||
%dir %{chroot_prefix}/%{_libdir}
|
||||
%dir %{chroot_prefix}/%{_libdir}/bind
|
||||
%defattr(0660,root,named,01770)
|
||||
%dir %{chroot_prefix}/var/named
|
||||
%defattr(0660,named,named,0770)
|
||||
%dir %{chroot_prefix}/var/tmp
|
||||
%dir %{chroot_prefix}/var/log
|
||||
@ -1287,8 +1289,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
%dir %{chroot_sdb_prefix}/etc/crypto-policies/back-ends
|
||||
%dir %{chroot_sdb_prefix}/var
|
||||
%dir %{chroot_sdb_prefix}/run
|
||||
%dir %{chroot_sdb_prefix}/var/named
|
||||
%ghost %config(noreplace) %{chroot_sdb_prefix}/etc/named.conf
|
||||
%defattr(0660,root,named,01770)
|
||||
%dir %{chroot_sdb_prefix}/var/named
|
||||
%defattr(-,root,root,-)
|
||||
%dir %{chroot_sdb_prefix}/usr
|
||||
%dir %{chroot_sdb_prefix}/%{_libdir}
|
||||
@ -1396,6 +1399,9 @@ rm -rf ${RPM_BUILD_ROOT}
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri May 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-9
|
||||
- Make named home writeable (#1422680)
|
||||
|
||||
* Fri May 25 2018 Petr Menšík <pemensik@redhat.com> - 32:9.11.3-8
|
||||
- Require C++ on build when shipped atf library is used
|
||||
|
||||
|
||||
@ -1,36 +0,0 @@
|
||||
diff --git a/bin/named/server.c b/bin/named/server.c
|
||||
index 20a6e31..dececd5 100644
|
||||
--- a/bin/named/server.c
|
||||
+++ b/bin/named/server.c
|
||||
@@ -8126,15 +8126,6 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
ns_os_changeuser();
|
||||
}
|
||||
|
||||
- /*
|
||||
- * Check that the working directory is writable.
|
||||
- */
|
||||
- if (!isc_file_isdirwritable(".")) {
|
||||
- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
|
||||
- NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
|
||||
- "the working directory is not writable");
|
||||
- }
|
||||
-
|
||||
#ifdef HAVE_LMDB
|
||||
/*
|
||||
* Reopen NZD databases.
|
||||
@@ -8209,6 +8200,15 @@ load_configuration(const char *filename, ns_server_t *server,
|
||||
"config file");
|
||||
}
|
||||
|
||||
+ /*
|
||||
+ * Check that the working directory is writable.
|
||||
+ */
|
||||
+ if (!isc_file_isdirwritable(".")) {
|
||||
+ isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
|
||||
+ NS_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
|
||||
+ "the working directory is not writable");
|
||||
+ }
|
||||
+
|
||||
/*
|
||||
* Set the default value of the query logging flag depending
|
||||
* whether a "queries" category has been defined. This is
|
||||
Loading…
Reference in New Issue
Block a user