change ownership of /var/lib/dhcpd/ to dhcpd:dhcpd (#744292)

no need to drop capabilies in dhcpd since it's been running as regular user

dhcp-4.2.2-capability.patch

@@ -248,76 +248,3 @@ diff -up dhcp-4.2.2b1/relay/Makefile.am.capability dhcp-4.2.2b1/relay/Makefile.a
  man_MANS = dhcrelay.8
  EXTRA_DIST = $(man_MANS)
  
-diff -up dhcp-4.2.2b1/server/dhcpd.c.capability dhcp-4.2.2b1/server/dhcpd.c
---- dhcp-4.2.2b1/server/dhcpd.c.capability	2011-07-01 15:09:06.636784192 +0200
-+++ dhcp-4.2.2b1/server/dhcpd.c	2011-07-01 15:09:06.670783841 +0200
-@@ -58,6 +58,11 @@ static const char url [] =
- #  undef group
- #endif /* PARANOIA */
- 
-+#ifdef HAVE_LIBCAP_NG
-+#  include <cap-ng.h>
-+   int keep_capabilities = 0;
-+#endif
-+
- static void usage(void);
- 
- struct iaddr server_identifier;
-@@ -403,6 +408,10 @@ main(int argc, char **argv) {
- 			traceinfile = argv [i];
- 			trace_replay_init ();
- #endif /* TRACING */
-+		} else if (!strcmp(argv[i], "-nc")) {
-+#ifdef HAVE_LIBCAP_NG
-+			keep_capabilities = 1;
-+#endif
- 		} else if (argv [i][0] == '-') {
- 			usage ();
- 		} else {
-@@ -459,6 +468,17 @@ main(int argc, char **argv) {
-         }
- #endif /* DHCPv6 */
- 
-+#ifdef HAVE_LIBCAP_NG
-+	/* Drop capabilities */
-+	if (!keep_capabilities) {
-+		capng_clear(CAPNG_SELECT_BOTH);
-+		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
-+				CAP_NET_RAW, CAP_NET_BIND_SERVICE, CAP_SYS_CHROOT, CAP_SETUID, CAP_SETGID, -1);
-+		capng_apply(CAPNG_SELECT_BOTH);
-+		log_info ("Dropped all unnecessary capabilities.");
-+	}
-+#endif
-+
-         /*
-          * convert relative path names to absolute, for files that need
-          * to be reopened after chdir() has been called
-@@ -859,6 +879,15 @@ main(int argc, char **argv) {
- 	omapi_set_int_value ((omapi_object_t *)dhcp_control_object,
- 			     (omapi_object_t *)0, "state", server_running);
- 
-+#ifdef HAVE_LIBCAP_NG
-+	/* Drop all capabilities */
-+	if (!keep_capabilities) {
-+		capng_clear(CAPNG_SELECT_BOTH);
-+		capng_apply(CAPNG_SELECT_BOTH);
-+		log_info ("Dropped all capabilities.");
-+	}
-+#endif
-+
- 	/* Receive packets and dispatch them... */
- 	dispatch ();
- 
-diff -up dhcp-4.2.2b1/server/Makefile.am.capability dhcp-4.2.2b1/server/Makefile.am
---- dhcp-4.2.2b1/server/Makefile.am.capability	2011-07-01 15:09:06.546785121 +0200
-+++ dhcp-4.2.2b1/server/Makefile.am	2011-07-01 15:09:06.671783830 +0200
-@@ -8,7 +8,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
- 
- dhcpd_CFLAGS = $(LDAP_CFLAGS)
- dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--	      ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export
-+	      ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export \
-+	      $(CAPNG_LDADD)
- 
- man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
- EXTRA_DIST = $(man_MANS)

dhcp-4.2.2-sharedlib.patch

@@ -1,7 +1,7 @@
 diff -up dhcp-4.2.2/client/Makefile.am.sharedlib dhcp-4.2.2/client/Makefile.am
---- dhcp-4.2.2/client/Makefile.am.sharedlib	2011-09-09 16:35:56.000000000 +0200
+--- dhcp-4.2.2/client/Makefile.am.sharedlib	2011-10-09 20:07:40.000000000 +0200
-+++ dhcp-4.2.2/client/Makefile.am	2011-09-09 16:36:29.849007951 +0200
++++ dhcp-4.2.2/client/Makefile.am	2011-10-09 20:07:40.000000000 +0200
-@@ -4,7 +4,7 @@ dhclient_SOURCES = clparse.c dhclient.c
+@@ -4,7 +4,7 @@ dhclient_SOURCES = clparse.c dhclient.c 
  		   scripts/bsdos scripts/freebsd scripts/linux scripts/macos \
  		   scripts/netbsd scripts/nextstep scripts/openbsd \
  		   scripts/solaris scripts/openwrt
@@ -11,8 +11,8 @@ diff -up dhcp-4.2.2/client/Makefile.am.sharedlib dhcp-4.2.2/client/Makefile.am
  man_MANS = dhclient.8 dhclient-script.8 dhclient.conf.5 dhclient.leases.5
  EXTRA_DIST = $(man_MANS)
 diff -up dhcp-4.2.2/configure.ac.sharedlib dhcp-4.2.2/configure.ac
---- dhcp-4.2.2/configure.ac.sharedlib	2011-09-09 16:35:56.097000001 +0200
+--- dhcp-4.2.2/configure.ac.sharedlib	2011-10-09 20:07:40.000000000 +0200
-+++ dhcp-4.2.2/configure.ac	2011-09-09 16:35:56.383000000 +0200
++++ dhcp-4.2.2/configure.ac	2011-10-09 20:07:40.000000000 +0200
 @@ -30,7 +30,8 @@ fi
  # Use this to define _GNU_SOURCE to pull in the IPv6 Advanced Socket API.
  AC_USE_SYSTEM_EXTENSIONS
@@ -24,8 +24,8 @@ diff -up dhcp-4.2.2/configure.ac.sharedlib dhcp-4.2.2/configure.ac
  
  # we sometimes need to know byte order for building packets
 diff -up dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib dhcp-4.2.2/dhcpctl/Makefile.am
---- dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib	2011-09-09 16:35:55.459000001 +0200
+--- dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib	2011-10-09 20:07:39.000000000 +0200
-+++ dhcp-4.2.2/dhcpctl/Makefile.am	2011-09-09 16:35:56.384000000 +0200
++++ dhcp-4.2.2/dhcpctl/Makefile.am	2011-10-09 20:07:40.000000000 +0200
 @@ -1,15 +1,15 @@
  bin_PROGRAMS = omshell
 -lib_LIBRARIES = libdhcpctl.a
@@ -48,7 +48,7 @@ diff -up dhcp-4.2.2/dhcpctl/Makefile.am.sharedlib dhcp-4.2.2/dhcpctl/Makefile.am
  	       $(BIND9_LIBDIR) -ldns-export -lisc-export
 diff -up dhcp-4.2.2/dst/base64.c.sharedlib dhcp-4.2.2/dst/base64.c
 --- dhcp-4.2.2/dst/base64.c.sharedlib	2009-11-20 02:49:01.000000000 +0100
-+++ dhcp-4.2.2/dst/base64.c	2011-09-09 16:35:56.385000000 +0200
++++ dhcp-4.2.2/dst/base64.c	2011-10-09 20:07:40.000000000 +0200
 @@ -64,6 +64,7 @@ static const char rcsid[] = "$Id: base64
  
  #include <sys/socket.h>
@@ -59,7 +59,7 @@ diff -up dhcp-4.2.2/dst/base64.c.sharedlib dhcp-4.2.2/dst/base64.c
  #include "arpa/nameser.h"
 diff -up dhcp-4.2.2/dst/Makefile.am.sharedlib dhcp-4.2.2/dst/Makefile.am
 --- dhcp-4.2.2/dst/Makefile.am.sharedlib	2007-05-29 18:32:10.000000000 +0200
-+++ dhcp-4.2.2/dst/Makefile.am	2011-09-09 16:35:56.386000000 +0200
++++ dhcp-4.2.2/dst/Makefile.am	2011-10-09 20:07:40.000000000 +0200
 @@ -1,8 +1,8 @@
  AM_CPPFLAGS = -DMINIRES_LIB -DHMAC_MD5
  
@@ -72,8 +72,8 @@ diff -up dhcp-4.2.2/dst/Makefile.am.sharedlib dhcp-4.2.2/dst/Makefile.am
  
  EXTRA_DIST = dst_internal.h md5.h md5_locl.h
 diff -up dhcp-4.2.2/omapip/Makefile.am.sharedlib dhcp-4.2.2/omapip/Makefile.am
---- dhcp-4.2.2/omapip/Makefile.am.sharedlib	2011-09-09 16:35:55.000000000 +0200
+--- dhcp-4.2.2/omapip/Makefile.am.sharedlib	2011-10-09 20:07:39.000000000 +0200
-+++ dhcp-4.2.2/omapip/Makefile.am	2011-09-09 16:37:36.734000324 +0200
++++ dhcp-4.2.2/omapip/Makefile.am	2011-10-09 20:07:40.000000000 +0200
 @@ -1,7 +1,7 @@
 -lib_LIBRARIES = libomapi.a
 +lib_LTLIBRARIES = libomapi.la
@@ -92,8 +92,8 @@ diff -up dhcp-4.2.2/omapip/Makefile.am.sharedlib dhcp-4.2.2/omapip/Makefile.am
 +svtest_LDADD = libomapi.la $(BIND9_LIBDIR) -ldns-export -lisc-export
  
 diff -up dhcp-4.2.2/relay/Makefile.am.sharedlib dhcp-4.2.2/relay/Makefile.am
---- dhcp-4.2.2/relay/Makefile.am.sharedlib	2011-09-09 16:35:56.000000000 +0200
+--- dhcp-4.2.2/relay/Makefile.am.sharedlib	2011-10-09 20:07:40.000000000 +0200
-+++ dhcp-4.2.2/relay/Makefile.am	2011-09-09 16:37:57.058019749 +0200
++++ dhcp-4.2.2/relay/Makefile.am	2011-10-09 20:07:40.000000000 +0200
 @@ -2,7 +2,7 @@ AM_CPPFLAGS = -DLOCALSTATEDIR='"@localst
  
  sbin_PROGRAMS = dhcrelay
@@ -104,16 +104,16 @@ diff -up dhcp-4.2.2/relay/Makefile.am.sharedlib dhcp-4.2.2/relay/Makefile.am
  man_MANS = dhcrelay.8
  EXTRA_DIST = $(man_MANS)
 diff -up dhcp-4.2.2/server/Makefile.am.sharedlib dhcp-4.2.2/server/Makefile.am
---- dhcp-4.2.2/server/Makefile.am.sharedlib	2011-09-09 16:35:56.000000000 +0200
+--- dhcp-4.2.2/server/Makefile.am.sharedlib	2011-10-09 20:07:39.000000000 +0200
-+++ dhcp-4.2.2/server/Makefile.am	2011-09-09 16:38:56.291004599 +0200
++++ dhcp-4.2.2/server/Makefile.am	2011-10-09 20:08:26.000000000 +0200
 @@ -7,8 +7,8 @@ dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c c
  		dhcpv6.c mdb6.c ldap.c ldap_casa.c
  
  dhcpd_CFLAGS = $(LDAP_CFLAGS)
 -dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.a \
--	      ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export \
+-	      ../dhcpctl/libdhcpctl.a $(BIND9_LIBDIR) -ldns-export -lisc-export
 +dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
-+	      ../dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) -ldns-export -lisc-export \
++	      ../dhcpctl/libdhcpctl.la $(BIND9_LIBDIR) -ldns-export -lisc-export
- 	      $(CAPNG_LDADD)
  
  man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
+ EXTRA_DIST = $(man_MANS)

dhcp-4.2.2-systemtap.patch

@@ -1,6 +1,6 @@
 diff -up dhcp-4.2.2/configure.ac.systemtap dhcp-4.2.2/configure.ac
---- dhcp-4.2.2/configure.ac.systemtap	2011-09-21 15:13:35.515434854 +0200
+--- dhcp-4.2.2/configure.ac.systemtap	2011-10-09 20:22:23.000000000 +0200
-+++ dhcp-4.2.2/configure.ac	2011-09-21 15:13:35.574434049 +0200
++++ dhcp-4.2.2/configure.ac	2011-10-09 20:22:23.000000000 +0200
 @@ -485,6 +485,35 @@ else
      AC_MSG_RESULT(no)
  fi
@@ -46,8 +46,8 @@ diff -up dhcp-4.2.2/configure.ac.systemtap dhcp-4.2.2/configure.ac
  
  sh util/bindvar.sh
 diff -up dhcp-4.2.2/Makefile.am.systemtap dhcp-4.2.2/Makefile.am
---- dhcp-4.2.2/Makefile.am.systemtap	2011-09-21 15:13:35.339437258 +0200
+--- dhcp-4.2.2/Makefile.am.systemtap	2011-10-09 20:22:23.000000000 +0200
-+++ dhcp-4.2.2/Makefile.am	2011-09-21 15:13:35.574434049 +0200
++++ dhcp-4.2.2/Makefile.am	2011-10-09 20:22:23.000000000 +0200
 @@ -29,5 +29,8 @@ endif
  
  SUBDIRS += includes tests common dst omapip client dhcpctl relay server
@@ -58,8 +58,8 @@ diff -up dhcp-4.2.2/Makefile.am.systemtap dhcp-4.2.2/Makefile.am
  nobase_include_HEADERS = dhcpctl/dhcpctl.h
  
 diff -up dhcp-4.2.2/server/dhcp.c.systemtap dhcp-4.2.2/server/dhcp.c
---- dhcp-4.2.2/server/dhcp.c.systemtap	2011-09-21 15:13:35.362436945 +0200
+--- dhcp-4.2.2/server/dhcp.c.systemtap	2011-10-09 20:22:23.000000000 +0200
-+++ dhcp-4.2.2/server/dhcp.c	2011-09-21 15:13:35.576434021 +0200
++++ dhcp-4.2.2/server/dhcp.c	2011-10-09 20:22:23.000000000 +0200
 @@ -36,7 +36,7 @@
  #include <errno.h>
  #include <limits.h>
@@ -233,29 +233,28 @@ diff -up dhcp-4.2.2/server/dhcp.c.systemtap dhcp-4.2.2/server/dhcp.c
  }
  
 diff -up dhcp-4.2.2/server/dhcpd.c.systemtap dhcp-4.2.2/server/dhcpd.c
---- dhcp-4.2.2/server/dhcpd.c.systemtap	2011-09-21 15:13:35.471435455 +0200
+--- dhcp-4.2.2/server/dhcpd.c.systemtap	2011-10-09 20:22:23.000000000 +0200
-+++ dhcp-4.2.2/server/dhcpd.c	2011-09-21 15:14:47.686449112 +0200
++++ dhcp-4.2.2/server/dhcpd.c	2011-10-09 20:24:24.000000000 +0200
-@@ -63,6 +63,8 @@ static const char url [] =
+@@ -58,6 +58,8 @@ static const char url [] =
-    int keep_capabilities = 0;
+ #  undef group
- #endif
+ #endif /* PARANOIA */
  
 +#include "trace.h"
 +
  static void usage(void);
  
  struct iaddr server_identifier;
-@@ -887,7 +889,7 @@ main(int argc, char **argv) {
+@@ -859,6 +861,7 @@ main(int argc, char **argv) {
- 		log_info ("Dropped all capabilities.");
+ 	omapi_set_int_value ((omapi_object_t *)dhcp_control_object,
- 	}
+ 			     (omapi_object_t *)0, "state", server_running);
- #endif
+ 
--
++        TRACE(DHCPD_MAIN());
-+	TRACE(DHCPD_MAIN());
  	/* Receive packets and dispatch them... */
  	dispatch ();
  
 diff -up dhcp-4.2.2/server/dhcpv6.c.systemtap dhcp-4.2.2/server/dhcpv6.c
---- dhcp-4.2.2/server/dhcpv6.c.systemtap	2011-09-21 15:13:35.528434676 +0200
+--- dhcp-4.2.2/server/dhcpv6.c.systemtap	2011-10-09 20:22:23.000000000 +0200
-+++ dhcp-4.2.2/server/dhcpv6.c	2011-09-21 15:13:35.579433979 +0200
++++ dhcp-4.2.2/server/dhcpv6.c	2011-10-09 20:22:23.000000000 +0200
 @@ -15,6 +15,7 @@
   */
  
@@ -428,7 +427,7 @@ diff -up dhcp-4.2.2/server/dhcpv6.c.systemtap dhcp-4.2.2/server/dhcpv6.c
  static void
 diff -up dhcp-4.2.2/server/failover.c.systemtap dhcp-4.2.2/server/failover.c
 --- dhcp-4.2.2/server/failover.c.systemtap	2011-05-11 16:21:00.000000000 +0200
-+++ dhcp-4.2.2/server/failover.c	2011-09-21 15:13:35.584433913 +0200
++++ dhcp-4.2.2/server/failover.c	2011-10-09 20:22:23.000000000 +0200
 @@ -35,6 +35,8 @@
  #include "dhcpd.h"
  #include <omapip/omapip_p.h>
@@ -475,8 +474,8 @@ diff -up dhcp-4.2.2/server/failover.c.systemtap dhcp-4.2.2/server/failover.c
  }
  
 diff -up dhcp-4.2.2/server/Makefile.am.systemtap dhcp-4.2.2/server/Makefile.am
---- dhcp-4.2.2/server/Makefile.am.systemtap	2011-09-21 15:13:35.517434828 +0200
+--- dhcp-4.2.2/server/Makefile.am.systemtap	2011-10-09 20:22:23.000000000 +0200
-+++ dhcp-4.2.2/server/Makefile.am	2011-09-21 15:13:35.585433900 +0200
++++ dhcp-4.2.2/server/Makefile.am	2011-10-09 20:22:23.000000000 +0200
 @@ -4,7 +4,7 @@ dist_sysconf_DATA = dhcpd.conf
  sbin_PROGRAMS = dhcpd
  dhcpd_SOURCES = dhcpd.c dhcp.c bootp.c confpars.c db.c class.c failover.c \
@@ -486,7 +485,7 @@ diff -up dhcp-4.2.2/server/Makefile.am.systemtap dhcp-4.2.2/server/Makefile.am
  
  dhcpd_CFLAGS = $(LDAP_CFLAGS)
  dhcpd_LDADD = ../common/libdhcp.a ../omapip/libomapi.la \
-@@ -14,3 +14,13 @@ dhcpd_LDADD = ../common/libdhcp.a ../oma
+@@ -13,3 +13,13 @@ dhcpd_LDADD = ../common/libdhcp.a ../oma
  man_MANS = dhcpd.8 dhcpd.conf.5 dhcpd.leases.5
  EXTRA_DIST = $(man_MANS)
  
@@ -501,8 +500,8 @@ diff -up dhcp-4.2.2/server/Makefile.am.systemtap dhcp-4.2.2/server/Makefile.am
 +dhcpd_LDADD += probes.o
 +endif
 diff -up dhcp-4.2.2/server/probes.d.systemtap dhcp-4.2.2/server/probes.d
---- dhcp-4.2.2/server/probes.d.systemtap	2011-09-21 15:13:35.585433900 +0200
+--- dhcp-4.2.2/server/probes.d.systemtap	2011-10-09 20:22:23.000000000 +0200
-+++ dhcp-4.2.2/server/probes.d	2011-09-21 15:13:35.585433900 +0200
++++ dhcp-4.2.2/server/probes.d	2011-10-09 20:22:23.000000000 +0200
 @@ -0,0 +1,43 @@
 +provider dhcpd {
 +	 probe main();
@@ -548,8 +547,8 @@ diff -up dhcp-4.2.2/server/probes.d.systemtap dhcp-4.2.2/server/probes.d
 +	 probe failover_set_state_done()
 +};
 diff -up dhcp-4.2.2/server/trace.h.systemtap dhcp-4.2.2/server/trace.h
---- dhcp-4.2.2/server/trace.h.systemtap	2011-09-21 15:13:35.585433900 +0200
+--- dhcp-4.2.2/server/trace.h.systemtap	2011-10-09 20:22:23.000000000 +0200
-+++ dhcp-4.2.2/server/trace.h	2011-09-21 15:13:35.585433900 +0200
++++ dhcp-4.2.2/server/trace.h	2011-10-09 20:22:23.000000000 +0200
 @@ -0,0 +1,11 @@
 +// trace.h
 +
@@ -563,8 +562,8 @@ diff -up dhcp-4.2.2/server/trace.h.systemtap dhcp-4.2.2/server/trace.h
 +#define TRACE(probe)
 +#endif
 diff -up dhcp-4.2.2/tapset/dhcpd.stp.systemtap dhcp-4.2.2/tapset/dhcpd.stp
---- dhcp-4.2.2/tapset/dhcpd.stp.systemtap	2011-09-21 15:13:35.586433886 +0200
+--- dhcp-4.2.2/tapset/dhcpd.stp.systemtap	2011-10-09 20:22:23.000000000 +0200
-+++ dhcp-4.2.2/tapset/dhcpd.stp	2011-09-21 15:13:35.586433886 +0200
++++ dhcp-4.2.2/tapset/dhcpd.stp	2011-10-09 20:22:23.000000000 +0200
 @@ -0,0 +1,212 @@
 +/* dhcpd tapset
 +   Copyright (C) 2011, Red Hat Inc.
@@ -779,8 +778,8 @@ diff -up dhcp-4.2.2/tapset/dhcpd.stp.systemtap dhcp-4.2.2/tapset/dhcpd.stp
 +  probestr = sprintf("%s", $$name);
 +}
 diff -up dhcp-4.2.2/tapset/Makefile.am.systemtap dhcp-4.2.2/tapset/Makefile.am
---- dhcp-4.2.2/tapset/Makefile.am.systemtap	2011-09-21 15:13:35.586433886 +0200
+--- dhcp-4.2.2/tapset/Makefile.am.systemtap	2011-10-09 20:22:23.000000000 +0200
-+++ dhcp-4.2.2/tapset/Makefile.am	2011-09-21 15:13:35.586433886 +0200
++++ dhcp-4.2.2/tapset/Makefile.am	2011-10-09 20:22:23.000000000 +0200
 @@ -0,0 +1,26 @@
 +# Makefile.am for dhcp/tapset
 +# Jiri Popelka

dhcp.spec

@@ -19,7 +19,7 @@
 Summary:  Dynamic host configuration protocol software
 Name:     dhcp
 Version:  4.2.2
-Release:  11%{?dist}
+Release:  12%{?dist}
 # NEVER CHANGE THE EPOCH on this package.  The previous maintainer (prior to
 # dcantrell maintaining the package) made incorrect use of the epoch and
 # that's why it is at 12 now.  It should have never been used, but it was.
@@ -516,6 +516,11 @@ if [ $1 -eq 1 ] ; then
     /bin/systemctl daemon-reload >/dev/null 2>&1 || :
 fi
 
+# Update
+if [ $1 -gt 1 ] ; then
+  chown -R dhcpd:dhcpd %{_localstatedir}/lib/dhcpd/
+fi
+
 
 %post -n dhclient
 /bin/ls -1 %{_sysconfdir}/dhclient* >/dev/null 2>&1
@@ -586,10 +591,10 @@ fi
 %files
 %doc dhcpd.conf.sample dhcpd6.conf.sample
 %doc contrib/*
-%dir %{_localstatedir}/lib/dhcpd
 %attr(0750,root,root) %dir %{dhcpconfdir}
-%verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd.leases
+%attr(0755,dhcpd,dhcpd) %dir %{_localstatedir}/lib/dhcpd
-%verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd6.leases
+%attr(0644,dhcpd,dhcpd) %verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd.leases
+%attr(0644,dhcpd,dhcpd) %verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/dhcpd/dhcpd6.leases
 %config(noreplace) %{_sysconfdir}/sysconfig/dhcpd
 %config(noreplace) %{_sysconfdir}/sysconfig/dhcpd6
 %config(noreplace) %{_sysconfdir}/sysconfig/dhcrelay
@@ -657,6 +662,10 @@ fi
 %{_initddir}/dhcrelay
 
 %changelog
+* Sun Oct 09 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.2-12
+- change ownership of /var/lib/dhcpd/ to dhcpd:dhcpd (#744292)
+- no need to drop capabilies in dhcpd since it's been running as regular user
+
 * Fri Sep 30 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.2.2-11
 - 56dhclient: ifcfg file was not sourced (#742482)