ctc-oss / fapolicy-analyzer

Tools to assist with the configuration and management of fapolicyd.
https://ctc-oss.github.io/fapolicy-analyzer
GNU General Public License v3.0

Add config and log paths to rpm #768

Closed jw3 closed 1 year ago

jw3 commented 1 year ago

To ensure the config and log paths are accessible after rpm install, they should be added to the rpm file list.

This likely eliminates XDG directories.

jw3 commented 1 year ago

This would resolve #454

jw3 commented 1 year ago

I think development environments will still use XDG.

tparchambault commented 1 year ago

Will use a command-line option (tentatively, -x, if unused) to specify the use of the default XDG locations; otherwise logs and config files will be located under /var/log/ and /etc/ respectively.

jw3 commented 1 year ago

The rpm spec will get an entry like this for the config file:

%config(noreplace) %attr(644,root,root) %{_sysconfdir}/%{name}/config.toml

and like this for the log file:

%ghost %attr(440,root,root) %{_localstatedir}/log/%{name}.log

(ballpark anyways)

jw3 commented 1 year ago

The config file part should be straightforward. It needs to be added to ensure it is trusted in an install out of the box.

Need to look closer at the log file aspect of this, then. Is there an existing rule for var log locations? Like TA brought up, trust is not ideal for a log file.

tparchambault commented 1 year ago

Maybe fapolicyd's log file entry in its spec file is somewhere in the ballpark:

%ghost %attr(440,%{name},%{name}) %verify(not md5 size mtime) %{_localstatedir}/log/%{name}-access.log

Or maybe there's already a default rule as JW mentioned in our meeting.

tparchambault commented 1 year ago

Awaiting review/merge via @jw3