Hello, I was told that this patch isn’t solving the problem it is supposed to solve. However, I do not see why. Could someone explain to my little brain why? -Michael > On 22 Aug 2022, at 21:11, Peter Müller wrote: > > The second version of this patch avoids being generous with file > permissions, as Stefan pointed out that /var/ipfire/ipblocklist/sources > must not be writable to "nobody". > > Therefore, the needed files ("settings" and "modify") are prepared > during the Core Upgrade and LFS file, and equipped with appropriate > permissions. > > Fixes: #12917 > Cc: Stefan Schantl > Signed-off-by: Peter Müller > --- > config/rootfiles/core/170/update.sh | 4 ++++ > lfs/ipblocklist-sources | 2 ++ > 2 files changed, 6 insertions(+) > > diff --git a/config/rootfiles/core/170/update.sh b/config/rootfiles/core/170/update.sh > index b6b66f3f1..9d16f4a32 100644 > --- a/config/rootfiles/core/170/update.sh > +++ b/config/rootfiles/core/170/update.sh > @@ -164,6 +164,10 @@ ldconfig > mkdir -pv /var/lib/ipblocklist > chown nobody:nobody /var/lib/ipblocklist > > +# Create necessary files for IPBlocklist and set their ownership accordingly (#12917) > +touch /var/ipfire/ipblocklist/{settings,modified} > +chown nobody:nobody /var/ipfire/ipblocklist/{settings,modified} > + > # Rebuild fcrontab from scratch > /usr/bin/fcrontab -z > > diff --git a/lfs/ipblocklist-sources b/lfs/ipblocklist-sources > index 30b9e94a4..d0ce30350 100644 > --- a/lfs/ipblocklist-sources > +++ b/lfs/ipblocklist-sources > @@ -49,5 +49,7 @@ $(TARGET) : > @$(PREBUILD) > mkdir -p /var/ipfire/ipblocklist > install -v -m 0644 $(DIR_SRC)/config/ipblocklist/sources /var/ipfire/ipblocklist > + touch /var/ipfire/ipblocklist/{settings,modified} > + chown nobody:nobody /var/ipfire/ipblocklist/{settings,modified} > > @$(POSTBUILD) > -- > 2.35.3