Révision 0b7bcb5d
Align filemode on RedHat to distro default
The RPM acutally ships the configuration and directory with
0600/0700 while this module sets the mode to 0640/0750.
However, this has the drawback that on new nftables RPM versions,
we are setting it back to the modules mode and triggering an nft
validate.
| spec/classes/nftables_spec.rb | ||
|---|---|---|
| 22 | 22 |
'/etc/nftables.conf' |
| 23 | 23 |
end |
| 24 | 24 |
|
| 25 |
nft_mode = case os_facts[:os]['family'] |
|
| 26 |
when 'RedHat' |
|
| 27 |
'0600' |
|
| 28 |
else |
|
| 29 |
'0640' |
|
| 30 |
end |
|
| 31 |
|
|
| 25 | 32 |
it { is_expected.to compile.with_all_deps }
|
| 26 | 33 |
|
| 27 | 34 |
it { is_expected.to contain_package('nftables') }
|
| ... | ... | |
| 31 | 38 |
ensure: 'directory', |
| 32 | 39 |
owner: 'root', |
| 33 | 40 |
group: 'root', |
| 34 |
mode: '0750'
|
|
| 41 |
mode: nft_mode
|
|
| 35 | 42 |
) |
| 36 | 43 |
} |
| 37 | 44 |
|
| ... | ... | |
| 40 | 47 |
ensure: 'file', |
| 41 | 48 |
owner: 'root', |
| 42 | 49 |
group: 'root', |
| 43 |
mode: '0640',
|
|
| 50 |
mode: nft_mode,
|
|
| 44 | 51 |
content: %r{flush ruleset}
|
| 45 | 52 |
) |
| 46 | 53 |
} |
| ... | ... | |
| 56 | 63 |
ensure: 'directory', |
| 57 | 64 |
owner: 'root', |
| 58 | 65 |
group: 'root', |
| 59 |
mode: '0750',
|
|
| 66 |
mode: nft_mode,
|
|
| 60 | 67 |
purge: true, |
| 61 | 68 |
force: true, |
| 62 | 69 |
recurse: true |
| ... | ... | |
| 68 | 75 |
ensure: 'file', |
| 69 | 76 |
owner: 'root', |
| 70 | 77 |
group: 'root', |
| 71 |
mode: '0640',
|
|
| 78 |
mode: nft_mode,
|
|
| 72 | 79 |
content: %r{flush ruleset}
|
| 73 | 80 |
) |
| 74 | 81 |
} |
| ... | ... | |
| 84 | 91 |
ensure: 'directory', |
| 85 | 92 |
owner: 'root', |
| 86 | 93 |
group: 'root', |
| 87 |
mode: '0750',
|
|
| 94 |
mode: nft_mode,
|
|
| 88 | 95 |
purge: true, |
| 89 | 96 |
force: true, |
| 90 | 97 |
recurse: true |
Formats disponibles : Unified diff