Merge lp:~andreserl/maas/dhcpd_paranoia into lp:~maas-maintainers/maas/packaging

Proposed by Andres Rodriguez on 2016-03-16
Status: Merged
Approved by: Andres Rodriguez on 2016-03-16
Approved revision: 462
Merged at revision: 460
Proposed branch: lp:~andreserl/maas/dhcpd_paranoia
Merge into: lp:~maas-maintainers/maas/packaging
Diff against target: 80 lines (+17/-14)
4 files modified
debian/changelog (+11/-3)
debian/maas-dhcp.apparmor (+0/-4)
debian/maas-dhcp.maas-dhcpd.service (+3/-4)
debian/maas-dhcp.maas-dhcpd6.service (+3/-3)
To merge this branch: bzr merge lp:~andreserl/maas/dhcpd_paranoia
Reviewer Review Type Date Requested Status
Andres Rodriguez (community) Approve on 2016-03-16
Blake Rouse (community) 2016-03-16 Approve on 2016-03-16
Review via email: mp+289187@code.launchpad.net

Commit message

Update dhcpd permissions to conform with most recent paranoia described on LP: 1543794, so capability dac_override is not granted.

To post a comment you must log in.
Blake Rouse (blake-rouse) wrote :

Looks good except for the revert you are doing. Fix before landing.

review: Approve
lp:~andreserl/maas/dhcpd_paranoia updated on 2016-03-16
461. By Andres Rodriguez on 2016-03-16

Fix change on Killmode

462. By Andres Rodriguez on 2016-03-16

fix typo

Andres Rodriguez (andreserl) wrote :

landing then!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'debian/changelog'
--- debian/changelog 2016-03-12 01:45:07 +0000
+++ debian/changelog 2016-03-16 14:20:56 +0000
@@ -1,6 +1,14 @@
1maas (2.0.0~alpha2+bzr4773-0ubuntu1) UNRELEASED; urgency=medium1maas (2.0.0~alpha3+bzr4785-0ubuntu1) UNRELEASED; urgency=medium
22
3 * New usptream release, 2.0.0 bzr 4773 (LP: #1553261).3 * New upstream release, 2.0.0 bzr 4779 (LP: #1553261)
4 * Update dhcpd permissions to conform with most recent paranoia described
5 on LP: 1543794, so capability dac_override is not granted.
6
7 -- Andres Rodriguez <andreserl@ubuntu.com> Mon, 14 Mar 2016 18:34:53 -0400
8
9maas (2.0.0~alpha2+bzr4776-0ubuntu1) xenial; urgency=medium
10
11 * New usptream release, 2.0.0 bzr 4776 (LP: #1553261).
4 * maas-dns Depends: bind9 >= 1:9.10.3.dfsg.P2-5 for better system time.12 * maas-dns Depends: bind9 >= 1:9.10.3.dfsg.P2-5 for better system time.
5 LP: #1553176.13 LP: #1553176.
6 * debian/extras/maas-{region,rack}: Replace maas-region-admin14 * debian/extras/maas-{region,rack}: Replace maas-region-admin
715
=== modified file 'debian/maas-dhcp.apparmor'
--- debian/maas-dhcp.apparmor 2015-08-11 10:57:05 +0000
+++ debian/maas-dhcp.apparmor 2016-03-16 14:20:56 +0000
@@ -1,7 +1,3 @@
1# Work around bug:
2# https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/1186662
3capability dac_override,
4
5/run/maas/dhcp/ r,1/run/maas/dhcp/ r,
6/run/maas/dhcp/** r,2/run/maas/dhcp/** r,
7/run/maas/dhcp/*.pid lrw,3/run/maas/dhcp/*.pid lrw,
84
=== modified file 'debian/maas-dhcp.maas-dhcpd.service'
--- debian/maas-dhcp.maas-dhcpd.service 2016-03-15 18:58:50 +0000
+++ debian/maas-dhcp.maas-dhcpd.service 2016-03-16 14:20:56 +0000
@@ -15,16 +15,15 @@
15KillSignal=SIGKILL15KillSignal=SIGKILL
16# Allow dhcp server to write lease and pid file as 'dhcpd' user16# Allow dhcp server to write lease and pid file as 'dhcpd' user
17ExecStartPre=/bin/mkdir -p /run/maas/dhcp17ExecStartPre=/bin/mkdir -p /run/maas/dhcp
18ExecStartPre=/bin/chown root:root /run/maas/dhcp18# The leases files need to be root:dhcpd even when dropping privileges
19# The leases files need to be root:root even when dropping privileges
20ExecStartPre=/bin/mkdir -p /var/lib/maas/dhcp19ExecStartPre=/bin/mkdir -p /var/lib/maas/dhcp
21ExecStartPre=/bin/chown root:root /var/lib/maas/dhcp
22# Start the daemon20# Start the daemon
23ExecStart=/bin/sh -ec '\21ExecStart=/bin/sh -ec '\
24 INTERFACES=$(cat /var/lib/maas/dhcpd-interfaces); \22 INTERFACES=$(cat /var/lib/maas/dhcpd-interfaces); \
25 LEASES_FILE=/var/lib/maas/dhcp/dhcpd.leases; \23 LEASES_FILE=/var/lib/maas/dhcp/dhcpd.leases; \
26 [ -e $LEASES_FILE ] || touch $LEASES_FILE; \24 [ -e $LEASES_FILE ] || touch $LEASES_FILE; \
27 chown root:root /var/lib/maas/dhcp /var/lib/maas/dhcp/dhcpd.leases*; \25 chown root:dhcpd /var/lib/maas/dhcp /var/lib/maas/dhcp/dhcpd.leases*; \
26 chmod 775 /var/lib/maas/dhcp ; chmod 664 /var/lib/maas/dhcp/dhcpd.leases; \
28 exec dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas/dhcp/dhcpd.pid \27 exec dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/maas/dhcp/dhcpd.pid \
29 -cf /var/lib/maas/dhcpd.conf -lf $LEASES_FILE $INTERFACES'28 -cf /var/lib/maas/dhcpd.conf -lf $LEASES_FILE $INTERFACES'
3029
3130
=== modified file 'debian/maas-dhcp.maas-dhcpd6.service'
--- debian/maas-dhcp.maas-dhcpd6.service 2016-03-15 18:58:50 +0000
+++ debian/maas-dhcp.maas-dhcpd6.service 2016-03-16 14:20:56 +0000
@@ -15,16 +15,16 @@
15KillSignal=SIGKILL15KillSignal=SIGKILL
16# Allow dhcp server to write lease and pid file as 'dhcpd' user16# Allow dhcp server to write lease and pid file as 'dhcpd' user
17ExecStartPre=/bin/mkdir -p /run/maas/dhcp17ExecStartPre=/bin/mkdir -p /run/maas/dhcp
18ExecStartPre=/bin/chown root:root /run/maas/dhcp18# The leases files need to be root:dhcpd even when dropping privileges
19# The leases files need to be root:root even when dropping privileges
20ExecStartPre=/bin/mkdir -p /var/lib/maas/dhcp19ExecStartPre=/bin/mkdir -p /var/lib/maas/dhcp
21ExecStartPre=/bin/chown root:root /var/lib/maas/dhcp
22# Start the daemon20# Start the daemon
23ExecStart=/bin/sh -ec '\21ExecStart=/bin/sh -ec '\
24 INTERFACES=$(cat /var/lib/maas/dhcpd-interfaces); \22 INTERFACES=$(cat /var/lib/maas/dhcpd-interfaces); \
25 LEASES_FILE=/var/lib/maas/dhcp/dhcpd6.leases; \23 LEASES_FILE=/var/lib/maas/dhcp/dhcpd6.leases; \
26 [ -e $LEASES_FILE ] || touch $LEASES_FILE; \24 [ -e $LEASES_FILE ] || touch $LEASES_FILE; \
27 chown root:root /var/lib/maas/dhcp /var/lib/maas/dhcp/dhcpd6.leases*; \25 chown root:root /var/lib/maas/dhcp /var/lib/maas/dhcp/dhcpd6.leases*; \
26 chown root:dhcpd /var/lib/maas/dhcp /var/lib/maas/dhcp/dhcpd6.leases; \
27 chmod 775 /var/lib/maas/dhcp ; chmod 664 /var/lib/maas/dhcp/dhcpd6.leases; \
28 exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/maas/dhcp/dhcpd6.pid \28 exec dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/maas/dhcp/dhcpd6.pid \
29 -cf /var/lib/maas/dhcpd6.conf -lf $LEASES_FILE $INTERFACES'29 -cf /var/lib/maas/dhcpd6.conf -lf $LEASES_FILE $INTERFACES'
3030

Subscribers

People subscribed via source and target branches