author | Alexander Bokovoy <abokovoy@redhat.com> | 2011-08-10 15:15:01 +0300 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-08-10 16:32:05 +0200 |
commit | e6d061224ee226bb263f56f3bce4db96934ce49a (patch) | |
tree | a1e7e1c34d17db39dd96643f1f663b6769bbbdd7 /ipa-client | |
parent | 503470916c296db419e2cbeb096fc2b4173574ba (diff) | |
Ensure network configuration file has proper permissions
Because the network configuration file is created as a temporary file, it has stricter permissions than
we need for the target system configuration file. Ensure the permissions are properly reset before
installing the file.
If the permissions are not reset, the system may have no networking enabled after reboot.
https://fedorahosted.org/freeipa/ticket/1606
Diffstat (limited to 'ipa-client')
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index e3b9dfbab..1caf9c1ee 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -23,6 +23,7 @@ try: import sys import os + import stat import time import socket import logging @@ -564,6 +565,9 @@ $)''', re.VERBOSE) statestore.backup_state('network', 'hostname', value) new_config.write(new_line) new_config.flush() + # Make sure the resulting file is readable by others before installing it + os.fchmod(new_config.fileno(), stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH) + os.fchown(new_config.fileno(), 0, 0) # At this point new_config is closed but not removed due to 'delete=False' above # Now, install the temporary file as configuration and ensure old version is available as .orig @@ -574,6 +578,12 @@ $)''', re.VERBOSE) except CalledProcessError, e: print >>sys.stderr, "Failed to set this machine hostname to %s (%s)." % (hostname, str(e)) + # For SE Linux environments it is important to reset SE labels to the expected ones + try: + ipautil.run(['/sbin/restorecon', network_filename]) + except CalledProcessError, e: + print >>sys.stderr, "Failed to set permissions for %s (%s)." % (network_filename, str(e)) + def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options): sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.new_config() |
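Review bot: The `os.fchmod(...)` and `os.fchown(new_config.fileno(), 0, 0)` calls added after `new_config.flush()` are unguarded, so an `OSError` from either one (for instance if the installer is not running with the privileges needed to chown to root) would propagate out of this function. Because the temporary file is kept on close (`delete=False`, per the comment that follows), it would then be left behind. Consider wrapping the two calls in `try:` / `except OSError, e:` and reporting the failure on stderr the way the hostname step below does, removing the temporary file before giving up. Using the descriptor-based calls rather than a path is a good choice here, since the mode and owner are applied to the file that was just written and not to whatever the name resolves to later. The enclosing function starts and ends outside the hunk.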
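Review bot: The handler added around `ipautil.run(['/sbin/restorecon', network_filename])` prints "Failed to set permissions", but the step that failed is SELinux relabelling, so the message sends an administrator looking at file modes instead of labels; `"Failed to restore SELinux context of %s (%s)."` would describe it accurately. If `ipautil.run` hands the command straight to subprocess (not visible here), a host without `/sbin/restorecon` would probably raise `OSError` rather than `CalledProcessError` and bypass this handler, so either test `os.path.exists('/sbin/restorecon')` first or catch `OSError` as well. The enclosing function begins outside the hunk.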