On Thu, May 23, 2019 at 03:07:05PM +0200, Jiri Denemark wrote:
While libvirtd creates this directory with the default 0755 mode, the spec file stores 0700 in the RPM database. Thus RPM verification always complains about this directory. Let's fix the spec file to match reality. Signed-off-by: Jiri Denemark <jdenemar@xxxxxxxxxx> --- Notes: Alternatively, we could change libvirt to create the directory with 0700 (instead of 0755), but all other drivers use 0755 (both in reality and in the spec file) and 0700 wouldn't really enhance security anyway.
It would also not work because domains would not be able to get to any file in there (like qemu agent socket, etc.) Reviewed-by: Martin Kletzander <mkletzan@xxxxxxxxxx>
libvirt.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 970d2742ac..dc69920d75 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1661,7 +1661,7 @@ exit 0
%config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
%config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
-%ghost %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/
+%ghost %dir %{_localstatedir}/run/libvirt/qemu/
%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
%{_datadir}/augeas/lenses/libvirtd_qemu.aug
--
2.21.0
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
Attachment:
signature.asc
Description: PGP signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
