From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH v2] ipblocklist: Both "settings" and "modify" need to be
 writable for "nobody"
Date: Mon, 22 Aug 2022 20:11:06 +0000
Message-ID: <06825b38-ec53-38c5-c8ce-12d70c1acb5b@ipfire.org>
In-Reply-To: <ddc5c786-2a77-03c6-dcdf-8ba7d349f8b1@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1818801957760749800=="
List-Id: <development.lists.ipfire.org>

--===============1818801957760749800==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The second version of this patch avoids being generous with file
permissions, as Stefan pointed out that /var/ipfire/ipblocklist/sources
must not be writable to "nobody".

Therefore, the needed files ("settings" and "modify") are prepared
during the Core Upgrade and LFS file, and equipped with appropriate
permissions.

Fixes: #12917
Cc: Stefan Schantl <stefan.schantl(a)ipfire.org>
Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
---
 config/rootfiles/core/170/update.sh | 4 ++++
 lfs/ipblocklist-sources             | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/config/rootfiles/core/170/update.sh b/config/rootfiles/core/170/=
update.sh
index b6b66f3f1..9d16f4a32 100644
--- a/config/rootfiles/core/170/update.sh
+++ b/config/rootfiles/core/170/update.sh
@@ -164,6 +164,10 @@ ldconfig
 mkdir -pv /var/lib/ipblocklist
 chown nobody:nobody /var/lib/ipblocklist
=20
+# Create necessary files for IPBlocklist and set their ownership accordingly=
 (#12917)
+touch /var/ipfire/ipblocklist/{settings,modified}
+chown nobody:nobody /var/ipfire/ipblocklist/{settings,modified}
+
 # Rebuild fcrontab from scratch
 /usr/bin/fcrontab -z
=20
diff --git a/lfs/ipblocklist-sources b/lfs/ipblocklist-sources
index 30b9e94a4..d0ce30350 100644
--- a/lfs/ipblocklist-sources
+++ b/lfs/ipblocklist-sources
@@ -49,5 +49,7 @@ $(TARGET) :
 	@$(PREBUILD)
 	mkdir -p /var/ipfire/ipblocklist
 	install -v -m 0644 $(DIR_SRC)/config/ipblocklist/sources /var/ipfire/ipbloc=
klist
+	touch /var/ipfire/ipblocklist/{settings,modified}
+	chown nobody:nobody /var/ipfire/ipblocklist/{settings,modified}
=20
 	@$(POSTBUILD)
--=20
2.35.3

--===============1818801957760749800==--