95ea96
From 8ba1a1e89b34e587a9898a85f1c545dbd1c7765a Mon Sep 17 00:00:00 2001
95ea96
From: Christian Heimes <cheimes@redhat.com>
95ea96
Date: Fri, 22 Jun 2018 12:22:06 +0200
95ea96
Subject: [PATCH] Always make ipa.p11-kit world-readable
95ea96
95ea96
Ensure that ipa.p11-kit is always world-readable.
95ea96
95ea96
Fixes: https://pagure.io/freeipa/issue/7594
95ea96
Signed-off-by: Christian Heimes <cheimes@redhat.com>
95ea96
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
95ea96
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
95ea96
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
95ea96
---
95ea96
 ipaplatform/redhat/tasks.py | 1 +
95ea96
 1 file changed, 1 insertion(+)
95ea96
95ea96
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
95ea96
index 6a4270defc9f444f76677bdf08d2a680649664bb..8fc8b54c146d540c988d97b7fb0927fced7c3e29 100644
95ea96
--- a/ipaplatform/redhat/tasks.py
95ea96
+++ b/ipaplatform/redhat/tasks.py
95ea96
@@ -269,6 +269,7 @@ class RedHatTaskNamespace(BaseTaskNamespace):
95ea96
 
95ea96
         try:
95ea96
             f = open(new_cacert_path, 'w')
95ea96
+            os.fchmod(f.fileno(), 0o644)
95ea96
         except IOError as e:
95ea96
             logger.info("Failed to open %s: %s", new_cacert_path, e)
95ea96
             return False
95ea96
-- 
95ea96
2.17.1
95ea96