From 98591bf7421f17c2d7d1b4bda8eb4cab63d1bda4 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Mar 31 2015 12:30:02 +0000
Subject: setroubleshootd: run server with setroubleshoot uid instead of root
---
diff --git a/framework/org.fedoraproject.Setroubleshootd.conf b/framework/org.fedoraproject.Setroubleshootd.conf
index 78e03f2..68b648c 100644
--- a/framework/org.fedoraproject.Setroubleshootd.conf
+++ b/framework/org.fedoraproject.Setroubleshootd.conf
@@ -4,8 +4,10 @@ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> - + + +
diff --git a/framework/org.fedoraproject.Setroubleshootd.service b/framework/org.fedoraproject.Setroubleshootd.service
index 8a2d57b..05c2c39 100644
--- a/framework/org.fedoraproject.Setroubleshootd.service
+++ b/framework/org.fedoraproject.Setroubleshootd.service
@@ -1,4 +1,4 @@
 [D-BUS Service]
 Name=org.fedoraproject.Setroubleshootd
 Exec=/usr/sbin/setroubleshootd -f
-User=root
+User=setroubleshoot
diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py
index 26616b1..d4b837b 100755
--- a/framework/src/setroubleshoot/server.py
+++ b/framework/src/setroubleshoot/server.py
@@ -548,7 +548,7 @@ def RunFaultServer(timeout=10):
 database_filename = get_config('database','filename')
 database_filepath = make_database_filepath(database_filename)
- assure_file_ownership_permissions(database_filepath, 0600, 'root', 'root')
+ assure_file_ownership_permissions(database_filepath, 0600, 'setroubleshoot')
 host_database = SETroubleshootDatabase(database_filepath, database_filename, friendly_name=_("Audit Listener"))
 host_database.set_notify(client_notifier)
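Review bot: `User=setroubleshoot` makes bus activation depend on a `setroubleshoot` account, and nothing in the visible patch creates it or says where it comes from; presumably the package scriptlets do, which should be confirmed before this ships. The daemon also gives up whatever root-only access it relied on, so the packaging has to grant the new account the specific files and sockets it needs and nothing broader. A one-line comment in the service file, such as `# runs unprivileged; the setroubleshoot account is created by the package`, would record that dependency for the next maintainer.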
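Review bot: The result of `assure_file_ownership_permissions(database_filepath, 0600, 'setroubleshoot')` is discarded, which matters more now that the daemon itself runs as `setroubleshoot`: the removed line shows earlier versions kept this file root:root 0600, and an unprivileged process can neither chown nor open a file in that state. On an upgraded system the call would presumably fail (the util.py hunk sets `result = False` on error) while `RunFaultServer` goes straight on to `SETroubleshootDatabase(...)`. Guard the call with `if not assure_file_ownership_permissions(database_filepath, 0600, 'setroubleshoot'):` followed by a logged abort, and do the one-time ownership migration from a privileged packaging step. The same applies to the `email_recipients_filepath` call in the hunk at -607, and both calls now leave the group to the `group=None` default instead of naming it. The body of `RunFaultServer` continues outside the hunk.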
@@ -607,7 +607,7 @@ def RunFaultServer(timeout=10):
 # Initialize the email recipient list
 from setroubleshoot.signature import SEEmailRecipientSet
 email_recipients = SEEmailRecipientSet()
- assure_file_ownership_permissions(email_recipients_filepath, 0600, 'root', 'root')
+ assure_file_ownership_permissions(email_recipients_filepath, 0600, 'setroubleshoot')
 try:
 email_recipients.parse_recipient_file(email_recipients_filepath)
 except ProgramError, e:
diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
index 906735b..3473d77 100755
--- a/framework/src/setroubleshoot/util.py
+++ b/framework/src/setroubleshoot/util.py
@@ -375,7 +375,7 @@ def assure_file_ownership_permissions(filepath, mode, owner, group=None):
 f.close()
 except Exception, e:
 result = False
- syslog.syslog(syslog.LOG_ERR, "cannot create file %s [%s]" % filepath, e.strerror)
+ syslog.syslog(syslog.LOG_ERR, "cannot create file %s [%s]" % (filepath, e.strerror))
 try:
 os.chmod(filepath, mode)
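Review bot: `e.strerror` in the corrected log call exists only on IOError/OSError, but the handler is `except Exception, e:`, so any other exception raises AttributeError inside the handler and hides the original failure. Either narrow the clause to `except EnvironmentError, e:` or log the exception itself: `syslog.syslog(syslog.LOG_ERR, "cannot create file %s [%s]" % (filepath, e))`. The `os.chmod(filepath, mode)` that follows suggests the file is created first and restricted afterwards, which would leave a file meant to be 0600 briefly at umask-default permissions; the creation call is outside the hunk, so that needs confirming. The function starts and ends outside the hunk.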