|
|
fe5aa1 |
From 4bf644cdc1908aaa04de304174d985665de5947d Mon Sep 17 00:00:00 2001
|
|
|
fe5aa1 |
From: Peter Jones <pjones@redhat.com>
|
|
|
fe5aa1 |
Date: Fri, 20 Nov 2015 19:19:49 -0500
|
|
|
fe5aa1 |
Subject: [PATCH 11/15] Don't setfacl when the socket or dir aren't there.
|
|
|
fe5aa1 |
|
|
|
fe5aa1 |
Signed-off-by: Peter Jones <pjones@redhat.com>
|
|
|
fe5aa1 |
(cherry picked from commit 4c70ae807156099bf027b57a94b7eae0a810b947)
|
|
|
fe5aa1 |
---
|
|
|
fe5aa1 |
src/pesign-authorize-groups | 10 ++++++----
|
|
|
fe5aa1 |
src/pesign-authorize-users | 10 ++++++----
|
|
|
fe5aa1 |
2 files changed, 12 insertions(+), 8 deletions(-)
|
|
|
fe5aa1 |
|
|
|
fe5aa1 |
diff --git a/src/pesign-authorize-groups b/src/pesign-authorize-groups
|
|
|
fe5aa1 |
index 2236bea..2222809 100644
|
|
|
fe5aa1 |
--- a/src/pesign-authorize-groups
|
|
|
fe5aa1 |
+++ b/src/pesign-authorize-groups
|
|
|
fe5aa1 |
@@ -11,9 +11,11 @@
|
|
|
fe5aa1 |
|
|
|
fe5aa1 |
if [[ -r /etc/pesign/groups ]]; then
|
|
|
fe5aa1 |
for group in $(cat /etc/pesign/groups); do
|
|
|
fe5aa1 |
- setfacl -m g:${group}:rx /var/run/pesign
|
|
|
fe5aa1 |
- setfacl -m g:${group}:rw /var/run/pesign/socket
|
|
|
fe5aa1 |
- setfacl -m g:${username}:rx /etc/pki/pesign
|
|
|
fe5aa1 |
- setfacl -m g:${username}:r /etc/pki/pesign/{cert8,key3,secmod}.db
|
|
|
fe5aa1 |
+ if [ -d /var/run/pesign ]; then
|
|
|
fe5aa1 |
+ setfacl -m g:${group}:rx /var/run/pesign
|
|
|
fe5aa1 |
+ if [ -e /var/run/pesign/socket ]; then
|
|
|
fe5aa1 |
+ setfacl -m g:${group}:rw /var/run/pesign/socket
|
|
|
fe5aa1 |
+ fi
|
|
|
fe5aa1 |
+ fi
|
|
|
fe5aa1 |
done
|
|
|
fe5aa1 |
fi
|
|
|
fe5aa1 |
diff --git a/src/pesign-authorize-users b/src/pesign-authorize-users
|
|
|
fe5aa1 |
index 9c38a25..22bddec 100644
|
|
|
fe5aa1 |
--- a/src/pesign-authorize-users
|
|
|
fe5aa1 |
+++ b/src/pesign-authorize-users
|
|
|
fe5aa1 |
@@ -11,9 +11,11 @@
|
|
|
fe5aa1 |
|
|
|
fe5aa1 |
if [[ -r /etc/pesign/users ]]; then
|
|
|
fe5aa1 |
for username in $(cat /etc/pesign/users); do
|
|
|
fe5aa1 |
- setfacl -m u:${username}:rx /var/run/pesign
|
|
|
fe5aa1 |
- setfacl -m u:${username}:rw /var/run/pesign/socket
|
|
|
fe5aa1 |
- setfacl -m u:${username}:rx /etc/pki/pesign
|
|
|
fe5aa1 |
- setfacl -m u:${username}:r /etc/pki/pesign/{cert8,key3,secmod}.db
|
|
|
fe5aa1 |
+ if [ -d /var/run/pesign ]; then
|
|
|
fe5aa1 |
+ setfacl -m g:${username}:rx /var/run/pesign
|
|
|
fe5aa1 |
+ if [ -e /var/run/pesign/socket ]; then
|
|
|
fe5aa1 |
+ setfacl -m g:${username}:rw /var/run/pesign/socket
|
|
|
fe5aa1 |
+ fi
|
|
|
fe5aa1 |
+ fi
|
|
|
fe5aa1 |
done
|
|
|
fe5aa1 |
fi
|
|
|
fe5aa1 |
--
|
|
|
fe5aa1 |
2.5.5
|
|
|
fe5aa1 |
|