|
 |
0d5c10 |
From df18c1e1c034cd0162747eb357efdcbbdf22ff1c Mon Sep 17 00:00:00 2001
|
|
|
0d5c10 |
From: Watson Sato <wsato@redhat.com>
|
|
|
0d5c10 |
Date: Tue, 19 Mar 2019 16:50:09 +0100
|
|
|
0d5c10 |
Subject: [PATCH] Remove --quiet from rpm command
|
|
|
0d5c10 |
|
|
|
0d5c10 |
It doesn't work with --setperms.
|
|
|
0d5c10 |
See https://bugzilla.redhat.com/show_bug.cgi?id=1690469.
|
|
|
0d5c10 |
---
|
|
|
0d5c10 |
.../rpm_verification/rpm_verify_permissions/ansible/shared.yml | 2 +-
|
|
|
0d5c10 |
.../rpm_verification/rpm_verify_permissions/bash/shared.sh | 2 +-
|
|
|
0d5c10 |
.../rpm_verification/rpm_verify_permissions/rule.yml | 2 +-
|
|
|
0d5c10 |
3 files changed, 3 insertions(+), 3 deletions(-)
|
|
|
0d5c10 |
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml
|
|
|
0d5c10 |
index abce9e17f5..e05696d46c 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml
|
|
|
0d5c10 |
@@ -13,7 +13,7 @@
|
|
|
0d5c10 |
@ANSIBLE_ENSURE_PLATFORM@
|
|
|
0d5c10 |
|
|
|
0d5c10 |
- name: "Correct file permissions with RPM"
|
|
|
0d5c10 |
- shell: "rpm --quiet --setperms $(rpm -qf '{{ item }}')"
|
|
|
0d5c10 |
+ shell: "rpm --setperms $(rpm -qf '{{ item }}')"
|
|
|
0d5c10 |
args:
|
|
|
0d5c10 |
warn: False # Ignore ANSIBLE0006, we can't correct permissions using rpm module
|
|
|
0d5c10 |
with_items: "{{ files_with_incorrect_permissions.stdout_lines }}"
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh
|
|
|
0d5c10 |
index 5689b6d84b..7705f0df3b 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh
|
|
|
0d5c10 |
@@ -28,5 +28,5 @@ SETPERMS_RPM_LIST=( $(echo "${SETPERMS_RPM_LIST[@]}" | tr ' ' '\n' | sort -u | t
|
|
|
0d5c10 |
# correct values
|
|
|
0d5c10 |
for RPM_PACKAGE in "${SETPERMS_RPM_LIST[@]}"
|
|
|
0d5c10 |
do
|
|
|
0d5c10 |
- rpm --quiet --setperms "${RPM_PACKAGE}"
|
|
|
0d5c10 |
+ rpm --setperms "${RPM_PACKAGE}"
|
|
|
0d5c10 |
done
|
|
|
0d5c10 |
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
|
|
|
0d5c10 |
index e233c8b02f..1d5090894b 100644
|
|
|
0d5c10 |
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
|
|
|
0d5c10 |
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
|
|
|
0d5c10 |
@@ -19,7 +19,7 @@ description: |-
|
|
|
0d5c10 |
|
|
|
0d5c10 |
Next, run the following command to reset its permissions to
|
|
|
0d5c10 |
the correct values:
|
|
|
0d5c10 |
- $ sudo rpm --quiet --setperms PACKAGENAME
|
|
|
0d5c10 |
+ $ sudo rpm --setperms PACKAGENAME
|
|
|
0d5c10 |
|
|
|
0d5c10 |
rationale: |-
|
|
|
0d5c10 |
Permissions on system binaries and configuration files that are too generous
|