From f0045fed1aec74234cfbdfeb87d9e0852dd4c89a Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tomas.krizek@nic.cz>
Date: Thu, 2 Apr 2020 15:29:56 +0200
Subject: [PATCH] systemd/tmpfiles: change directory owner to root

Change the owner of kresd files to root:knot-resolver. This improves
behaviour for Fedora, where kresd can run under root (e.g. in Docker).
Otherwise, running kresd as root on Fedora would fail because of dropped
capabilities and attempting to access /var/lib/knot-resolver, which was
owned by knot-resolver.

This change makes it possible for both root (user) and knot-resolver
(group) to have the same permissions on these directories despite
dropped capabilities.
---
 systemd/tmpfiles.d/knot-resolver.conf.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/systemd/tmpfiles.d/knot-resolver.conf.in b/systemd/tmpfiles.d/knot-resolver.conf.in
index 204088de7..5353a8522 100644
--- a/systemd/tmpfiles.d/knot-resolver.conf.in
+++ b/systemd/tmpfiles.d/knot-resolver.conf.in
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: CC0-1.0
 # tmpfiles.d(5) directories for knot-resolver (kresd)
 #Type Path                            Mode UID           GID          Age Argument
-    d @run_dir@                       0750 @user@        @group@       -   -
-    d @systemd_work_dir@              0750 @user@        @group@       -   -
-    d @systemd_cache_dir@             0750 @user@        @group@       -   -
+    d @run_dir@                       0770 root          @group@       -   -
+    d @systemd_work_dir@              0770 root          @group@       -   -
+    d @systemd_cache_dir@             0770 root          @group@       -   -
-- 
2.47.2