Juan Hernandez has posted comments on this change.
Change subject: packaging: Build and run with Fedora 17 jboss-as
......................................................................
Patch Set 7: (2 inline comments)
....................................................
File packaging/fedora/spec/ovirt-engine.spec.in
Line 539: %dir %attr(-, %{engine_user}, %{engine_group})
%{_var}/lock/%{engine_name}
That attribute changes the ownership of the file to ovirt:ovirt. Only
files/directories where the engine needs to write should have this ownership.
For the rest of the files it is safer to have them owned by root:root, that way
the engine will not be able to write them, even if it is compromised and goes
wild.
Line 555: %config(noreplace) %{engine_etc}/web-conf.js
web-conf.js is never written by the engine, so it is better to have it owned by
root,
--
To view, visit http://gerrit.ovirt.org/4416
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: I5cda15e5219d1b6c8e8306fc7b4f196e6afc66b1
Gerrit-PatchSet: 7
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Doron Fediuck <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Ofer Schreiber <[email protected]>
Gerrit-Reviewer: Saggi Mizrahi <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
