lbu does not store permissions on base directories that are entered with 'lbu include'
lbu provides the included file list from
apk audit --backup --quiet --recursive, rather than a shell variable.
apk audit --backup --quiet --recursive seems not to list the
base directories contained in lbu.list. In my case it only lists the
contents of those directories. As a result, lbu does not include the
base directory in the apkovl. This causes the boot procedure to apply
the apkovl and create the directory with the default owner and umask
(root:root mode 755 on this system) whereas the service requires
otherwise: (postgresql requires postgres:postgres mode 700).
I suggest that
apk audit --backup output the base directories from
/etc/apk/protected_paths/lbu.list and not just the contents, so that
the user can specify directories that need permissions stored. This will
match previous behavior of lbu.
(from redmine: issue id 1241, created on 2012-07-04, closed on 2012-07-17)
- Revision 5aa69984 by Timo Teräs on 2012-07-09T11:59:40Z:
audit: get right protection mask for base directories in the lists Use the paths' protection mask where available instead of the parent paths'. ref #1241
- Revision ea5b08d1 by Timo Teräs on 2012-07-16T11:44:15Z:
audit: fix protection mask of non-db directories If a directory has protection mask, but does not exist in db, we do not handle it right unless we calculate the protection mask by hand, or create temporary db dir entry for it. For simplicity create always the db dir entry -- depending on audit type we likely need to create it anyway. This commit also caches the db dir entry in the audit tree context to avoid duplicate lookups. ref #1241.
- Revision 3882d7fb0dc347b5f9880b48fcd1b47175cc4260 by Natanael Copa on 2012-07-17T07:17:52Z:
main/apk-tools: upgrade to 2.3.2 ref #1241
- Revision 1e86290662203830e0c32ef673c230a2e82c8576 by Natanael Copa on 2012-07-17T11:03:00Z:
main/alpine-conf: check permissions when generating apkovl ref #1241
- Revision 451f2026b9908506ff879bb5bae989ea1a699dcc by Natanael Copa on 2012-07-17T13:09:30Z:
main/alpine-conf: check permissions when generating apkovl ref #1241 (cherry picked from commit 1e86290662203830e0c32ef673c230a2e82c8576)
- Revision f38fb0a22170382f18a44eb1520fcdb3b53d5ad0 by Natanael Copa on 2012-07-17T13:10:16Z:
main/apk-tools: upgrade to 2.3.2 fixes #1241 (cherry picked from commit 3882d7fb0dc347b5f9880b48fcd1b47175cc4260)