MAAS

Merge lp:~andreserl/maas/dhcpd_paranoia into lp:~maas-maintainers/maas/packaging

dhcpd_paranoia
Merge into packaging

Proposed by Andres Rodriguez on 2016-03-16

Status:	Merged
Approved by:	Andres Rodriguez on 2016-03-16
Approved revision:	462
Merged at revision:	460
Proposed branch:	lp:~andreserl/maas/dhcpd_paranoia
Merge into:	lp:~maas-maintainers/maas/packaging
Diff against target:	80 lines (+17/-14) 4 files modified debian/changelog (+11/-3) debian/maas-dhcp.apparmor (+0/-4) debian/maas-dhcp.maas-dhcpd.service (+3/-4) debian/maas-dhcp.maas-dhcpd6.service (+3/-3)
To merge this branch:	bzr merge lp:~andreserl/maas/dhcpd_paranoia
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Andres Rodriguez (community)		Approve on 2016-03-16
Blake Rouse (community)	2016-03-16	Approve on 2016-03-16
Review via email: mp+289187@code.launchpad.net

Commit message

Update dhcpd permissions to conform with most recent paranoia described on LP: 1543794, so capability dac_override is not granted.

Revision history for this message

Blake Rouse (blake-rouse) wrote on 2016-03-16:

Looks good except for the revert you are doing. Fix before landing.

review: Approve

lp:~andreserl/maas/dhcpd_paranoia updated on 2016-03-16

461. By Andres Rodriguez on 2016-03-16: Fix change on Killmode
462. By Andres Rodriguez on 2016-03-16: fix typo

Revision history for this message

Andres Rodriguez (andreserl) wrote on 2016-03-16:

landing then!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andres Rodriguez

Dave Walker

lipeng

1	=== modified file 'debian/changelog'
2	--- debian/changelog 2016-03-12 01:45:07 +0000
3	+++ debian/changelog 2016-03-16 14:20:56 +0000
4	@@ -1,6 +1,14 @@
5	-maas (2.0.0~alpha2+bzr4773-0ubuntu1) UNRELEASED; urgency=medium
6	-
7	- * New usptream release, 2.0.0 bzr 4773 (LP: #1553261).
8	+maas (2.0.0~alpha3+bzr4785-0ubuntu1) UNRELEASED; urgency=medium
9	+
10	+ * New upstream release, 2.0.0 bzr 4779 (LP: #1553261)
11	+ * Update dhcpd permissions to conform with most recent paranoia described
12	+ on LP: 1543794, so capability dac_override is not granted.
13	+
14	+ -- Andres Rodriguez <andreserl@ubuntu.com> Mon, 14 Mar 2016 18:34:53 -0400
15	+
16	+maas (2.0.0~alpha2+bzr4776-0ubuntu1) xenial; urgency=medium
17	+
18	+ * New usptream release, 2.0.0 bzr 4776 (LP: #1553261).
19	* maas-dns Depends: bind9 >= 1:9.10.3.dfsg.P2-5 for better system time.
20	LP: #1553176.
21	* debian/extras/maas-{region,rack}: Replace maas-region-admin
22
23	=== modified file 'debian/maas-dhcp.apparmor'
24	--- debian/maas-dhcp.apparmor 2015-08-11 10:57:05 +0000
25	+++ debian/maas-dhcp.apparmor 2016-03-16 14:20:56 +0000
26	@@ -1,7 +1,3 @@
27	-# Work around bug:
28	-# https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1186662
29	-capability dac_override,
30	-
31	/run/maas/dhcp/ r,
32	/run/maas/dhcp/** r,
33	/run/maas/dhcp/*.pid lrw,
34
35	=== modified file 'debian/maas-dhcp.maas-dhcpd.service'
36	--- debian/maas-dhcp.maas-dhcpd.service 2016-03-15 18:58:50 +0000
37	+++ debian/maas-dhcp.maas-dhcpd.service 2016-03-16 14:20:56 +0000
38	@@ -15,16 +15,15 @@
39	KillSignal=SIGKILL
40	# Allow dhcp server to write lease and pid file as 'dhcpd' user
41	ExecStartPre=/bin/mkdir -p /run/maas/dhcp
42	-ExecStartPre=/bin/chown root:root /run/maas/dhcp
43	-# The leases files need to be root:root even when dropping privileges
44	+# The leases files need to be root:dhcpd even when dropping privileges
45	ExecStartPre=/bin/mkdir -p /var/lib/maas/dhcp
46	-ExecStartPre=/bin/chown root:root /var/lib/maas/dhcp
47	# Start the daemon
48	ExecStart=/bin/sh -ec '\
49	INTERFACES=$(cat /var/lib/maas/dhcpd-interfaces); \
50	LEASES_FILE=/var/lib/maas/dhcp/dhcpd.leases; \
51	[ -e $LEASES_FILE ] \|\| touch $LEASES_FILE; \
52	- chown root:root /var/lib/maas/dhcp /var/lib/maas/dhcp/dhcpd.leases*; \
53	+ chown root:dhcpd /var/lib/maas/dhcp /var/lib/maas/dhcp/dhcpd.leases*; \
54	+ chmod 775 /var/lib/maas/dhcp ; chmod 664 /var/lib/maas/dhcp/dhcpd.leases; \
55	exec dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas/dhcp/dhcpd.pid \
56	-cf /var/lib/maas/dhcpd.conf -lf $LEASES_FILE $INTERFACES'
57
58
59	=== modified file 'debian/maas-dhcp.maas-dhcpd6.service'
60	--- debian/maas-dhcp.maas-dhcpd6.service 2016-03-15 18:58:50 +0000
61	+++ debian/maas-dhcp.maas-dhcpd6.service 2016-03-16 14:20:56 +0000
62	@@ -15,16 +15,16 @@
63	KillSignal=SIGKILL
64	# Allow dhcp server to write lease and pid file as 'dhcpd' user
65	ExecStartPre=/bin/mkdir -p /run/maas/dhcp
66	-ExecStartPre=/bin/chown root:root /run/maas/dhcp
67	-# The leases files need to be root:root even when dropping privileges
68	+# The leases files need to be root:dhcpd even when dropping privileges
69	ExecStartPre=/bin/mkdir -p /var/lib/maas/dhcp
70	-ExecStartPre=/bin/chown root:root /var/lib/maas/dhcp
71	# Start the daemon
72	ExecStart=/bin/sh -ec '\
73	INTERFACES=$(cat /var/lib/maas/dhcpd-interfaces); \
74	LEASES_FILE=/var/lib/maas/dhcp/dhcpd6.leases; \
75	[ -e $LEASES_FILE ] \|\| touch $LEASES_FILE; \
76	chown root:root /var/lib/maas/dhcp /var/lib/maas/dhcp/dhcpd6.leases*; \
77	+ chown root:dhcpd /var/lib/maas/dhcp /var/lib/maas/dhcp/dhcpd6.leases; \
78	+ chmod 775 /var/lib/maas/dhcp ; chmod 664 /var/lib/maas/dhcp/dhcpd6.leases; \
79	exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/maas/dhcp/dhcpd6.pid \
80	-cf /var/lib/maas/dhcpd6.conf -lf $LEASES_FILE $INTERFACES'
81

MAAS

Merge lp:~andreserl/maas/dhcpd_paranoia into lp:~maas-maintainers/maas/packaging

Commit message

Description of the change

Preview Diff

Subscribers