Changeset 2551


Ignore:
Timestamp:
Jul 27, 2014, 5:52:55 PM (10 years ago)
Author:
andersk
Message:
Put back CAP_DAC_OVERRIDE on suexec so it can write to /var/log/httpd

In the future, though, we may want to investigate following Fedora’s
switch to syslog.
File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/fc20-dev/server/fedora/specs/httpd.spec.patch

    r2543 r2551  
    1 --- httpd.spec.orig     2014-05-25 18:59:21.318657218 -0400
    2 +++ httpd.spec  2014-05-25 19:00:15.324430542 -0400
     1--- httpd.spec.orig     2014-07-23 06:24:15.000000000 -0400
     2+++ httpd.spec  2014-07-27 17:38:45.622914152 -0400
    33@@ -15,7 +15,7 @@
    44 Summary: Apache HTTP Server
     
    1010 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
    1111 Source1: index.html
    12 @@ -86,6 +86,12 @@
     12@@ -84,6 +84,12 @@
    1313 Requires(post): systemd-units
    1414 Conflicts: apr < 1.5.0-1
     
    2323 The Apache HTTP Server is a powerful, efficient, and extensible
    2424 web server.
    25 @@ -96,6 +102,7 @@
     25@@ -94,6 +100,7 @@
    2626 Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
    2727 Requires: apr-devel, apr-util-devel, pkgconfig
     
    3131 %description devel
    3232 The httpd-devel package contains the APXS binary and other files
    33 @@ -134,6 +141,7 @@
     33@@ -132,6 +139,7 @@
    3434 Requires(post): openssl, /bin/cat
    3535 Requires(pre): httpd
     
    3939 
    4040 %description -n mod_ssl
    41 @@ -200,6 +208,11 @@
     41@@ -196,6 +204,11 @@
    4242 # Prevent use of setcap in "install-suexec-caps" target.
    4343 sed -i '/suexec/s,setcap ,echo Skipping setcap for ,' Makefile.in
     
    5151 vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    5252 if test "x${vmmn}" != "x%{mmn}"; then
    53 @@ -246,11 +259,13 @@
     53@@ -242,11 +255,13 @@
    5454        --enable-suexec --with-suexec \
    5555         --enable-suexec-capabilities \
     
    6969         --with-pcre \
    7070         --enable-mods-shared=all \
     71@@ -542,7 +557,8 @@
     72 %{_sbindir}/fcgistarter
     73 %{_sbindir}/apachectl
     74 %{_sbindir}/rotatelogs
     75-%caps(cap_setuid,cap_setgid+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
     76+# cap_dac_override needed to write to /var/log/httpd
     77+%caps(cap_setuid,cap_setgid,cap_dac_override+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec
     78 
     79 %dir %{_libdir}/httpd
     80 %dir %{_libdir}/httpd/modules
Note: See TracChangeset for help on using the changeset viewer.