Révision 0b7bcb5d
Align filemode on RedHat to distro default
The RPM acutally ships the configuration and directory with
0600/0700 while this module sets the mode to 0640/0750.
However, this has the drawback that on new nftables RPM versions,
we are setting it back to the modules mode and triggering an nft
validate.
| spec/classes/router_spec.rb | ||
|---|---|---|
| 9 | 9 |
context "on #{os}" do
|
| 10 | 10 |
let(:facts) { os_facts }
|
| 11 | 11 |
|
| 12 |
nft_mode = case os_facts[:os]['family'] |
|
| 13 |
when 'RedHat' |
|
| 14 |
'0600' |
|
| 15 |
else |
|
| 16 |
'0640' |
|
| 17 |
end |
|
| 18 |
|
|
| 12 | 19 |
context 'as router' do |
| 13 | 20 |
let(:pre_condition) do |
| 14 | 21 |
' |
| ... | ... | |
| 37 | 44 |
path: '/etc/nftables/puppet-preflight/inet-filter-chain-default_fwd.nft', |
| 38 | 45 |
owner: 'root', |
| 39 | 46 |
group: 'root', |
| 40 |
mode: '0640',
|
|
| 47 |
mode: nft_mode,
|
|
| 41 | 48 |
ensure_newline: true |
| 42 | 49 |
) |
| 43 | 50 |
} |
| ... | ... | |
| 79 | 86 |
path: '/etc/nftables/puppet-preflight/ip-nat-chain-PREROUTING.nft', |
| 80 | 87 |
owner: 'root', |
| 81 | 88 |
group: 'root', |
| 82 |
mode: '0640',
|
|
| 89 |
mode: nft_mode,
|
|
| 83 | 90 |
ensure_newline: true |
| 84 | 91 |
) |
| 85 | 92 |
} |
| ... | ... | |
| 121 | 128 |
path: '/etc/nftables/puppet-preflight/ip-nat-chain-POSTROUTING.nft', |
| 122 | 129 |
owner: 'root', |
| 123 | 130 |
group: 'root', |
| 124 |
mode: '0640',
|
|
| 131 |
mode: nft_mode,
|
|
| 125 | 132 |
ensure_newline: true |
| 126 | 133 |
) |
| 127 | 134 |
} |
Formats disponibles : Unified diff