Fix mv destination file path for /etc/bind

- Force Package[bind] to be installed before moving /etc/bind into the
  $chroot_dir

- Fix recursive permissions for /var/bind9/chroot/** directories (so
  that user bind can cross those directories if they belong to root)
Cédric Defortis
2017-10-18 12:08:16 +02:00
committed by Cedric DEFORTIS
parent 16f2f22c4b
commit 1ea5d96d6b
2 changed files with 12 additions and 11 deletions
+7 -7
@@ -14,7 +14,7 @@ class bind::chroot::manual(
"${::bind::defaults::chroot_dir}/var/cache",
"${::bind::defaults::chroot_dir}/var/run"]:
ensure => directory,
mode => '0660',
mode => '0661',
require => Exec['mkdir-p-$chroot_dir'],
}
@@ -48,13 +48,13 @@ class bind::chroot::manual(
require => [ Exec['mknod-dev-null'], Exec['mknod-dev-random'], Exec['mknod-dev-urandom'] ],
}
exec { 'mv-etc-bind-into-jailed-etc':
command => "mv ${::bind::defaults::confdir} ${::bind::defaults::chroot_dir}",
command => "mv ${::bind::defaults::confdir} ${::bind::defaults::chroot_dir}${::bind::defaults::confdir}",
path => ['/bin', '/usr/bin'],
unless => "test -d ${::bind::defaults::chroot_dir}${::bind::defaults::confdir}",
require => [ File["${::bind::defaults::chroot_dir}/etc"] ]
require => [ Package['bind'], File["${::bind::defaults::chroot_dir}/etc"] ],
}
-> file { '/etc/bind':
ensure => link,
target => "${::bind::defaults::chroot_dir}${::bind::defaults::confdir}",
}
#-> file { '/etc/bind':
# ensure => link,
# target => "${::bind::defaults::chroot_dir}/${::bind::defaults::confdir}",
#}
}
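Review bot: `mode => '0661'` in the first hunk lets every local account traverse the chroot's var/cache and var/run directories, not only the bind user. Puppet sets the search bit wherever the read bit is set on a directory, so the old value presumably already applied as 0770 and the only bit this change adds is other-execute. If the aim is just to let bind cross root-owned directories, assigning the directories to bind's group with `mode => '0750'` (or `'0770'` where bind must write) would achieve that without opening them to all users. The file resource begins above the hunk, so its owner and group attributes are not visible here and should be checked before choosing between the two.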