Révision 0b7bcb5d
Align filemode on RedHat to distro default
The RPM acutally ships the configuration and directory with
0600/0700 while this module sets the mode to 0640/0750.
However, this has the drawback that on new nftables RPM versions,
we are setting it back to the modules mode and triggering an nft
validate.
| spec/classes/dnat4_spec.rb | ||
|---|---|---|
| 9 | 9 |
context "on #{os}" do
|
| 10 | 10 |
let(:facts) { os_facts }
|
| 11 | 11 |
|
| 12 |
nft_mode = case os_facts[:os]['family'] |
|
| 13 |
when 'RedHat' |
|
| 14 |
'0600' |
|
| 15 |
else |
|
| 16 |
'0640' |
|
| 17 |
end |
|
| 18 |
|
|
| 12 | 19 |
context 'with dnat' do |
| 13 | 20 |
let(:pre_condition) do |
| 14 | 21 |
' |
| ... | ... | |
| 57 | 64 |
path: '/etc/nftables/puppet-preflight/inet-filter-chain-default_fwd.nft', |
| 58 | 65 |
owner: 'root', |
| 59 | 66 |
group: 'root', |
| 60 |
mode: '0640',
|
|
| 67 |
mode: nft_mode,
|
|
| 61 | 68 |
ensure_newline: true |
| 62 | 69 |
) |
| 63 | 70 |
} |
| ... | ... | |
| 139 | 146 |
path: '/etc/nftables/puppet-preflight/ip-nat-chain-PREROUTING.nft', |
| 140 | 147 |
owner: 'root', |
| 141 | 148 |
group: 'root', |
| 142 |
mode: '0640',
|
|
| 149 |
mode: nft_mode,
|
|
| 143 | 150 |
ensure_newline: true |
| 144 | 151 |
) |
| 145 | 152 |
} |
Formats disponibles : Unified diff