rpms/ipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity
7056e92461
ipa/freeipa-4.8.10-systemd-resolved-configuration.patch
DistroBaker 7056e92461 Merged update from upstream sources 
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/freeipa.git#41b946dfeb35544f4011cf5777ba33fd98d11f72
2020-12-17 07:07:32 +00:00

75 lines
2.8 KiB
Diff
Raw Blame History

From 2e4f9ef1552d1ef784bb91918aa60de0f05e453a Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Mon, 28 Sep 2020 12:00:01 +0200
Subject: [PATCH 1/2] Ensure that resolved.conf.d is accessible
systemd-resolved runs as user systemd-resolve. Ensure that
resolved.conf.d drop-in directory is accessible when installer runs with
restricted umask. Also ensure the file and directory has correct SELinux
context.
The parent directory /etc/systemd exists on all platforms.
Fixes: https://pagure.io/freeipa/issue/8275
Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
ipaplatform/base/tasks.py | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index a39857e869..adf320b700 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -336,7 +336,11 @@ def configure_dns_resolver(self, nameservers, searchdomains, *,
from ipaplatform.services import knownservices
confd = os.path.dirname(paths.SYSTEMD_RESOLVED_IPA_CONF)
- os.makedirs(confd, exist_ok=True)
+ if not os.path.isdir(confd):
+ os.mkdir(confd)
+ # owned by root, readable by systemd-resolve user
+ os.chmod(confd, 0o755)
+ tasks.restore_context(confd, force=True)
cfg = RESOLVE1_IPA_CONF.format(
searchdomains=" ".join(searchdomains)
@@ -345,6 +349,10 @@ def configure_dns_resolver(self, nameservers, searchdomains, *,
os.fchmod(f.fileno(), 0o644)
f.write(cfg)
+ tasks.restore_context(
+ paths.SYSTEMD_RESOLVED_IPA_CONF, force=True
+ )
+
knownservices["systemd-resolved"].reload_or_restart()
def unconfigure_dns_resolver(self, fstore=None):
From 8b193f09018c3be283e0a3ecdfd1a58d49af360a Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Mon, 28 Sep 2020 12:29:00 +0200
Subject: [PATCH 2/2] Also backup DNS config drop-ins
/etc/NetworkManager/conf.d and /etc/systemd/resolved.conf.d drop-in
files were not backed up.
Related: https://pagure.io/freeipa/issue/8275
Signed-off-by: Christian Heimes <cheimes@redhat.com>
---
ipaserver/install/ipa_backup.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 39347643d3..d472990afe 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -194,6 +194,8 @@ class Backup(admintool.AdminTool):
paths.GSSPROXY_CONF,
paths.HOSTS,
paths.SYSTEMD_PKI_TOMCAT_IPA_CONF,
+ paths.NETWORK_MANAGER_IPA_CONF,
+ paths.SYSTEMD_RESOLVED_IPA_CONF,
) + tuple(
os.path.join(paths.IPA_NSSDB_DIR, file)
for file in (certdb.NSS_DBM_FILES + certdb.NSS_SQL_FILES)
Reference in New Issue View Git Blame Copy Permalink