From: Tomas Krizek <tomas.krizek@nic.cz>
Date: Thu, 2 Apr 2020 13:29:56 +0000 (+0200)
Subject: systemd/tmpfiles: change directory owner to root
X-Git-Tag: v5.1.0~15^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0045fed1aec74234cfbdfeb87d9e0852dd4c89a;p=thirdparty%2Fknot-resolver.git

systemd/tmpfiles: change directory owner to root

Change the owner of kresd files to root:knot-resolver. This improves
behaviour for Fedora, where kresd can run under root (e.g. in Docker).
Otherwise, running kresd as root on Fedora would fail because of dropped
capabilities and attempting to access /var/lib/knot-resolver, which was
owned by knot-resolver.

This change makes it possible for both root (user) and knot-resolver
(group) to have the same permissions on these directories despite
dropped capabilities.
---

diff --git a/systemd/tmpfiles.d/knot-resolver.conf.in b/systemd/tmpfiles.d/knot-resolver.conf.in
index 204088de7..5353a8522 100644
--- a/systemd/tmpfiles.d/knot-resolver.conf.in
+++ b/systemd/tmpfiles.d/knot-resolver.conf.in
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: CC0-1.0
 # tmpfiles.d(5) directories for knot-resolver (kresd)
 #Type Path                            Mode UID           GID          Age Argument
-    d @run_dir@                       0750 @user@        @group@       -   -
-    d @systemd_work_dir@              0750 @user@        @group@       -   -
-    d @systemd_cache_dir@             0750 @user@        @group@       -   -
+    d @run_dir@                       0770 root          @group@       -   -
+    d @systemd_work_dir@              0770 root          @group@       -   -
+    d @systemd_cache_dir@             0770 root          @group@       -   -