https://bugzilla.redhat.com/show_bug.cgi?id=2376217
--- Comment #62 from Dave Dykstra <[email protected]> --- (In reply to Maxwell G from comment #60) ... > > %attr(0700,%{name},%{name}) %dir %{_sysconfdir}/%{name}.d/tls > > and > > > %attr(0700,%{name},%{name}) %dir %{_sharedstatedir}/%{name} > > For the tls directory, can the directory be owned by root:openbao with file > permissions 0750 instead so the service user cannot change its contents? For > /var/lib/openbao, I think the permissions are correct; I assume the service > needs to write there. That's correct, it needs to be able to write to /var/lib/openbao. I changed the tls directory as recommended. > > %verify(not caps) %{_bindir}/bao > > %verify(no caps) can also be removed since you removed the scriptlet. Right, good point. Done. Thank you so much, Maxwell! -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2376217 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202376217%23c62 -- _______________________________________________ package-review mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
