Bug #30489 » 0004-CVE-2020-14335-dhcpd.conf-permissions.patch
| manifests/proxydhcp.pp | ||
|---|---|---|
|
if $foreman_proxy::dhcp_manage_acls {
|
||
|
File <| title == $::dhcp::dhcp_dir |> { mode => '0750' }
|
||
|
package {'acl':
|
||
|
ensure => 'installed',
|
||
|
}
|
||
|
['/etc/dhcp', '/var/lib/dhcpd'].each |$path| {
|
||
|
[$::dhcp::dhcp_dir, '/var/lib/dhcpd'].each |$path| {
|
||
|
exec { "Allow ${::foreman_proxy::user} to read ${path}":
|
||
|
command => "setfacl -R -m u:${::foreman_proxy::user}:rx ${path}",
|
||
|
path => '/usr/bin',
|
||
| ... | ... | |
|
}
|
||
|
}
|
||
|
} else {
|
||
|
File <| title == $::dhcp::dhcp_dir |> { mode => '0750', group => $::foreman_proxy::user }
|
||
|
}
|
||
|
if $failover {
|
||
- « Previous
- 1
- 2
- 3
- 4
- Next »