5525322 ipa-server-install: fix ca setup when fs.protected_regular=1

Authored and Committed by François Cami 5 years ago
    ipa-server-install: fix ca setup when fs.protected_regular=1
    
    /tmp is a sticky directory. When the OS is configured with
    fs.protected_regular=1, this means that O_CREATE open is forbidden
    for files in /tmp if the calling user is not owner of the file,
    except if the file is owned by the owner of the directory.
    
    The installer (executed as root) currently creates a file in /tmp,
    then modifies its owner to pkiuser and finally writes the pki config
    in the file. With fs.protected_regular=1, the write is denied because
    root is not owner of the file at this point.
    The fix performs the ownership change after the file has been written.
    
    Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=1677027
    
    Fixes: https://pagure.io/freeipa/issue/7866
    Signed-off-by: François Cami <fcami@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
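
The ordering the commit message describes (write the file while the creator still owns it, change ownership last), as an added example that is not FreeIPA's code. The function names, the "pki-cfg-" prefix and the sample content are hypothetical.

```python
import os
import tempfile


def protected_regular_setting(path="/proc/sys/fs/protected_regular"):
    """Return the sysctl value as an int, or None if the kernel lacks it."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def write_config_then_chown(directory, content, uid, gid):
    """Create a temp file, write it completely, then hand over ownership.

    All writes go through the descriptor returned by mkstemp() while the
    creating user still owns the file. Ownership changes last, with
    fchown() on that same descriptor, so the path is never reopened for
    writing after the owner has changed.
    """
    # mkstemp() creates the file with O_EXCL and mode 0600.
    fd, path = tempfile.mkstemp(dir=directory, prefix="pki-cfg-")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(content)
            f.flush()
            os.fsync(f.fileno())
            # Last step: transfer ownership to the service account.
            os.fchown(f.fileno(), uid, gid)
    except BaseException:
        os.unlink(path)
        raise
    return path


if __name__ == "__main__":
    # Constructed sample content; chown to the current user so the demo
    # runs without root.
    with tempfile.TemporaryDirectory() as d:
        p = write_config_then_chown(
            d, "[CA]\nconstructed=1\n", os.getuid(), os.getgid()
        )
        print("fs.protected_regular =", protected_regular_setting())
        print("wrote", p, "owner uid", os.stat(p).st_uid)
```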