Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
openvswitch.11328
0003-rhel-Use-correct-user-in-the-logrotate-con...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0003-rhel-Use-correct-user-in-the-logrotate-configuration.patch of Package openvswitch.11328
From ea7f792f2d404e4aaea454ba988b4b7ccf003598 Mon Sep 17 00:00:00 2001 From: Markos Chandras <mchandras@suse.de> Date: Wed, 8 Aug 2018 17:27:25 +0300 Subject: [PATCH 3/3] rhel: Use correct user in the logrotate configuration file The /var/log/openvswitch directory is owned by the openvswitch user but logrotate could be running as root or as another user. As a result of which, rpmlint prints the following warning when building the spec file on SUSE Linux Enterprise: openvswitch.x86_64: W: suse-logrotate-user-writable-log-dir /var/log/openvswitch openvswitch:openvswitch 0750 The log directory is writable by unprivileged users. Please fix the permissions so only root can write there or add the 'su' option to your logrotate config In order to fix that, we should run the logrotate script as the same user which runs the various Open vSwitch daemons. If this is a new installation, then this user is the 'openvswitch' one, but if we are upgrading from an older release, then the user is normally 'root'. As such, we set the initial user to 'root' and we fix this up in the %post scriptlet. Cc: Aaron Conole <aconole@redhat.com> Cc: Timothy Redaelli <tredaelli@redhat.com> Signed-off-by: Markos Chandras <mchandras@suse.de> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Timothy Redaelli <tredaelli@redhat.com> --- rhel/etc_logrotate.d_openvswitch | 1 + rhel/openvswitch-fedora.spec.in | 4 +++- rhel/usr_lib_systemd_system_ovsdb-server.service | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/rhel/etc_logrotate.d_openvswitch b/rhel/etc_logrotate.d_openvswitch index ed7d733c9..f4302ffbc 100644 --- a/rhel/etc_logrotate.d_openvswitch +++ b/rhel/etc_logrotate.d_openvswitch @@ -6,6 +6,7 @@ # without warranty of any kind. /var/log/openvswitch/*.log { + su root root daily compress sharedscripts diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in index 8663a5129..b6b364fa4 100644 --- a/rhel/openvswitch-fedora.spec.in +++ b/rhel/openvswitch-fedora.spec.in @@ -388,6 +388,7 @@ if [ $1 -eq 1 ]; then useradd -r -d / -s /sbin/nologin -c "Open vSwitch Daemons" openvswitch sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch + sed -i 's:\(.*su\).*:\1 openvswitch openvswitch:' %{_sysconfdir}/logrotate.d/openvswitch %if %{with dpdk} getent group hugetlbfs >/dev/null || \ @@ -400,6 +401,7 @@ if [ $1 -eq 1 ]; then # In the case of upgrade, this is not needed. chown -R openvswitch:openvswitch /etc/openvswitch + chown -R openvswitch:openvswitch /var/log/openvswitch fi %if 0%{?systemd_post:1} @@ -578,7 +580,7 @@ fi %endif %doc COPYING NOTICE README.rst NEWS rhel/README.RHEL.rst /var/lib/openvswitch -%attr(755,-,-) /var/log/openvswitch +%attr(750,root,root) /var/log/openvswitch %ghost %attr(755,root,root) %{_rundir}/openvswitch %files ovn-docker diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service b/rhel/usr_lib_systemd_system_ovsdb-server.service index c4388f4ad..feb9a97d7 100644 --- a/rhel/usr_lib_systemd_system_ovsdb-server.service +++ b/rhel/usr_lib_systemd_system_ovsdb-server.service @@ -10,7 +10,7 @@ Type=forking Restart=on-failure EnvironmentFile=/etc/openvswitch/default.conf EnvironmentFile=-/etc/sysconfig/openvswitch -ExecStartPre=/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch +ExecStartPre=/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch/useropts; if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVSUSER=--ovs-user=${OVS_USER_ID}" > /run/openvswitch/useropts; fi' EnvironmentFile=-/run/openvswitch/useropts ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ -- 2.16.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor