Commit 94cd8383e297 ("rhel: fix log directory permissions") restored the
old 755 permission on /var/log/openvswitch and this can result in the
exposure of sensitive information.
Since commit f624bf23b62a ("rhel: user/group openvswitch does not exist")
moved the user/group creation to the %pre phase, it's now possible to change
the /var/log/openvswitch user/group to openvswitch:openvswitch and remove
the r/x bits for other again without having the "permission denied"
error when the logs are rotated.
CC: Aaron Conole <[email protected]>
Fixes: 94cd8383e297 ("rhel: fix log directory permissions")
Signed-off-by: Timothy Redaelli <[email protected]>
Acked-by: Aaron Conole <[email protected]>
---
rhel/openvswitch-fedora.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
index 9462ce236..64a87a793 100644
--- a/rhel/openvswitch-fedora.spec.in
+++ b/rhel/openvswitch-fedora.spec.in
@@ -591,7 +591,7 @@ fi
%endif
%doc NOTICE README.rst NEWS rhel/README.RHEL.rst
/var/lib/openvswitch
-%attr(755,-,-) /var/log/openvswitch
+%attr(750,openvswitch,openvswitch) /var/log/openvswitch
%ghost %attr(755,root,root) %{_rundir}/openvswitch
%files ovn-docker
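Review bot: the new %attr(750,openvswitch,openvswitch) on /var/log/openvswitch applies to the directory entry only, so log files already inside it on an upgraded system keep their existing owner and mode. Dropping the r/x bits for other on the directory does block traversal, which addresses the exposure described, but the commit message should say that file ownership inside the directory is not changed, so nobody assumes existing logs were re-owned. This line also depends on the openvswitch user and group already existing when the files are installed, which the message attributes to the %pre change in f624bf23b62a. A short spec comment above the %attr line recording that dependency would help prevent a later reordering from bringing back the "permission denied" error on rotation.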
--
2.17.0