From 4bf644cdc1908aaa04de304174d985665de5947d Mon Sep 17 00:00:00 2001

From: Peter Jones <pjones@redhat.com>

Date: Fri, 20 Nov 2015 19:19:49 -0500

Subject: [PATCH 11/15] Don't setfacl when the socket or dir aren't there.

Signed-off-by: Peter Jones <pjones@redhat.com>

(cherry picked from commit 4c70ae807156099bf027b57a94b7eae0a810b947)

---

 src/pesign-authorize-groups | 10 ++++++----

 src/pesign-authorize-users  | 10 ++++++----

 2 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/pesign-authorize-groups b/src/pesign-authorize-groups

index 2236bea..2222809 100644

--- a/src/pesign-authorize-groups

+++ b/src/pesign-authorize-groups

@@ -11,9 +11,11 @@

 if [[ -r /etc/pesign/groups ]]; then

     for group in $(cat /etc/pesign/groups); do

-        setfacl -m g:${group}:rx /var/run/pesign

-        setfacl -m g:${group}:rw /var/run/pesign/socket

-        setfacl -m g:${username}:rx /etc/pki/pesign

-        setfacl -m g:${username}:r /etc/pki/pesign/{cert8,key3,secmod}.db

+	if [ -d /var/run/pesign ]; then

+	    setfacl -m g:${group}:rx /var/run/pesign

+	    if [ -e /var/run/pesign/socket ]; then

+		setfacl -m g:${group}:rw /var/run/pesign/socket

+	    fi

+	fi

     done

 fi

diff --git a/src/pesign-authorize-users b/src/pesign-authorize-users

index 9c38a25..22bddec 100644

--- a/src/pesign-authorize-users

+++ b/src/pesign-authorize-users

@@ -11,9 +11,11 @@

 if [[ -r /etc/pesign/users ]]; then

     for username in $(cat /etc/pesign/users); do

-        setfacl -m u:${username}:rx /var/run/pesign

-        setfacl -m u:${username}:rw /var/run/pesign/socket

-        setfacl -m u:${username}:rx /etc/pki/pesign

-        setfacl -m u:${username}:r /etc/pki/pesign/{cert8,key3,secmod}.db

+	if [ -d /var/run/pesign ]; then

+	    setfacl -m g:${username}:rx /var/run/pesign

+	    if [ -e /var/run/pesign/socket ]; then

+		setfacl -m g:${username}:rw /var/run/pesign/socket

+	    fi

+	fi

     done

 fi

-- 

2.5.5