From ec394ccfa21386f9f09f3a55df4e52e76777c677 Mon Sep 17 00:00:00 2001
From: Jeremy Saklad
Date: Sat, 18 Mar 2023 08:53:41 -0500
Subject: [PATCH] main/knot: loosen /run directory permission

Knot DNS 3.2.5 changed socket permissions to allow any user to communicate with the DNS server. For this to be usable, any user must be able to access a socket in the runtime directory. Search permission should be sufficient for this purpose, as anything trying to connect to a socket should already know the path it is looking for.
---
 main/knot/APKBUILD | 4 ++--
 main/knot/knotd.initd | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/main/knot/APKBUILD b/main/knot/APKBUILD
index 0f005cd2443..4b5618e7f12 100644
--- a/main/knot/APKBUILD
+++ b/main/knot/APKBUILD
@@ -5,7 +5,7 @@
 # Maintainer: Jakub Jirutka
 pkgname=knot
 pkgver=3.2.5
-pkgrel=0
+pkgrel=1
 pkgdesc="An high-performance authoritative-only DNS server"
 url="https://www.knot-dns.cz/"
 # testsuite fails on 32 bit arches with musl 1.2
@@ -128,5 +128,5 @@ gpgfingerprints="good:742F A4E9 5829 B6C5 EAC6 B857 10BB 7AF6 FEBB D6AB"
 sha512sums="
 c73874b60970b4b1d14f141fa40d47d6620e475b1fb3a5f803956e3b6d8b670d7250b049b26679e1488bfba5bfcfa65ef75c68a494c94f36b60d697fa95048f7 knot-3.2.5.tar.xz
 471d3c639a8235ba09491c99d36c0a4f1074d6055ccfd3807be02a30d3ed5bbe69a84f0414ea7810db6bbc1e38f5837108e5744fc59f949ed78a262a7de4597e knotd.confd
-979f06a83dd4326920a682f8190319577faf904e0e379b3c55e0420eb43dcb55d86c6727015634fa0c2dff1dddac43bbd5a216ff04f217ad91d670eb899dbefa knotd.initd
+352f9f85344743670e1ed2be3a4b9e6ddffa47fcc1958c3b903713a7437da02a1ec0521d73289a826e1d6bd5ad24553116757a5763e3c2b3dba74b3220937dbb knotd.initd
 "
diff --git a/main/knot/knotd.initd b/main/knot/knotd.initd
index 781346216ca..6ae461267e1 100644
--- a/main/knot/knotd.initd
+++ b/main/knot/knotd.initd
@@ -16,7 +16,8 @@ depend() {
 }
 
 start_pre() {
- checkpath -d -m 0750 -o knot:knot /run/knot/ /var/lib/knot/
+ checkpath -d -m 0751 -o knot:knot /run/knot/
+ checkpath -d -m 0750 -o knot:knot /var/lib/knot/
 }
 
 stop() {
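Review bot: The two `checkpath` calls in `start_pre()` carry no comment saying why `/run/knot/` is 0751 while `/var/lib/knot/` stays 0750, so a later tidy-up could merge them back into one call or widen the wrong directory. I would add above the first call `# others get search (x) only: clients reach the socket by its known path but cannot list /run/knot`. With search granted to every local user, anything else the daemon creates under `/run/knot/` (not visible in this hunk) is now protected only by its own file mode rather than by the directory, so it is worth confirming those modes before merging. The commit message states that 3.2.5 opened the socket to any user; if that socket also accepts control commands, the comment should say that access control then depends on the daemon's own checks.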