Write new pg_hba.conf directly in correct dir

To prevent SELinux category problems when writing outside volumes
uyuni-project · Jan 31, 2025 · 97e577d · 97e577d
1 parent ee90d69
commit 97e577d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/susemanager/bin/mgr-setup b/susemanager/bin/mgr-setup
@@ -157,12 +157,12 @@ setup_db_postgres() {
     local $MANAGER_DB_NAME $MANAGER_USER scram-sha-256
     host $MANAGER_DB_NAME $MANAGER_USER 127.0.0.1/32 scram-sha-256
     host $MANAGER_DB_NAME $MANAGER_USER ::1/128 scram-sha-256
-    host $MANAGER_DB_NAME $MANAGER_USER $INT_NET scram-sha-256" > /tmp/pg_hba.conf
-            cat ${DATADIR}/pg_hba.conf >> /tmp/pg_hba.conf
-            mv ${DATADIR}/pg_hba.conf ${DATADIR}/pg_hba.conf.bak
-            mv /tmp/pg_hba.conf ${DATADIR}/pg_hba.conf
-            chmod 600 ${DATADIR}/pg_hba.conf
-            chown postgres:postgres ${DATADIR}/pg_hba.conf
+    host $MANAGER_DB_NAME $MANAGER_USER $INT_NET scram-sha-256" > "${DATADIR}/pg_hba.conf.new"
+            cat "${DATADIR}/pg_hba.conf" >> "${DATADIR}/pg_hba.conf.new"
+            mv "${DATADIR}/pg_hba.conf" "${DATADIR}/pg_hba.conf.bak"
+            mv "${DATADIR}/pg_hba.conf.new" "${DATADIR}/pg_hba.conf"
+            chmod 600 "${DATADIR}/pg_hba.conf"
+            chown postgres:postgres "${DATADIR}/pg_hba.conf"
             su postgres -c "/usr/share/postgresql/postgresql-script reload"
         else
             echo "Database exists. Preparing for resetup. All data will be removed."

diff --git a/susemanager/susemanager.changes.oholecek.prevent_selinux_by_writing_to_tmp b/susemanager/susemanager.changes.oholecek.prevent_selinux_by_writing_to_tmp
@@ -0,0 +1,2 @@
+- Write new pg_hba conf to correct directory to prevent
+  SELinux context category problem
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		- Write new pg_hba conf to correct directory to prevent
		SELinux context category problem