main/knot: loosen /run directory permission

Knot DNS 3.2.5 changed socket permissions to allow any user to communicate with the DNS server. For this to be usable, any user must be able to access a socket in the runtime directory. Search permission should be sufficient for this purpose, as anything trying to connect to a socket should already know the path it is looking for.
2026-05-05 04:16:46 +02:00 · 2023-03-18 08:53:41 -05:00 · 2023-03-18 08:53:41 -05:00 · ec394ccfa2
commit ec394ccfa2
parent 035a692106
2 changed files with 4 additions and 3 deletions
--- a/main/knot/APKBUILD
+++ b/main/knot/APKBUILD
@ -5,7 +5,7 @@
 # Maintainer: Jakub Jirutka <jakub@jirutka.cz>
 pkgname=knot
 pkgver=3.2.5
-pkgrel=0
+pkgrel=1
 pkgdesc="An high-performance authoritative-only DNS server"
 url="https://www.knot-dns.cz/"
 # testsuite fails on 32 bit arches with musl 1.2
@ -128,5 +128,5 @@ gpgfingerprints="good:742F A4E9 5829 B6C5 EAC6  B857 10BB 7AF6 FEBB D6AB"
 sha512sums="
 c73874b60970b4b1d14f141fa40d47d6620e475b1fb3a5f803956e3b6d8b670d7250b049b26679e1488bfba5bfcfa65ef75c68a494c94f36b60d697fa95048f7  knot-3.2.5.tar.xz
 471d3c639a8235ba09491c99d36c0a4f1074d6055ccfd3807be02a30d3ed5bbe69a84f0414ea7810db6bbc1e38f5837108e5744fc59f949ed78a262a7de4597e  knotd.confd
-979f06a83dd4326920a682f8190319577faf904e0e379b3c55e0420eb43dcb55d86c6727015634fa0c2dff1dddac43bbd5a216ff04f217ad91d670eb899dbefa  knotd.initd
+352f9f85344743670e1ed2be3a4b9e6ddffa47fcc1958c3b903713a7437da02a1ec0521d73289a826e1d6bd5ad24553116757a5763e3c2b3dba74b3220937dbb  knotd.initd
 "
--- a/main/knot/knotd.initd
+++ b/main/knot/knotd.initd
@ -16,7 +16,8 @@ depend() {
 }

 start_pre() {
-	checkpath -d -m 0750 -o knot:knot /run/knot/ /var/lib/knot/
+	checkpath -d -m 0751 -o knot:knot /run/knot/
+	checkpath -d -m 0750 -o knot:knot /var/lib/knot/
 }

 stop() {