From ddd40f08f2086690e8439c9ce8183ead7d41761b Mon Sep 17 00:00:00 2001 From: Carmen Rata Date: Thu, 22 Oct 2020 23:05:08 -0400 Subject: [PATCH] Fix shared libraries file permissions Updated shared library files permission from /usr/lib/systemd/system/ to be non group-writable, to fix openscap security violation. Verified installation is successful in AIO-SX and Standard 2+2 system configurations. Ran successfully "taskset" command to check current affinity to platforms CPUs. Story: 2008037 Task: 40694 Change-Id: If8d7d3becba073ee827e988f1e651a9c8d31d773 Signed-off-by: Carmen Rata --- utilities/logmgmt/centos/logmgmt.spec | 2 +- utilities/worker-utils/worker-utils/Makefile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/utilities/logmgmt/centos/logmgmt.spec b/utilities/logmgmt/centos/logmgmt.spec index 6981cb8a..e261c350 100644 --- a/utilities/logmgmt/centos/logmgmt.spec +++ b/utilities/logmgmt/centos/logmgmt.spec @@ -57,7 +57,7 @@ install -p -D -m 700 scripts/init.d/logmgmt %{buildroot}%{local_etc_initd}/logmg install -d -m 755 %{buildroot}%{local_etc_pmond} install -p -D -m 644 scripts/pmon.d/logmgmt %{buildroot}%{local_etc_pmond}/logmgmt -install -p -D -m 664 scripts/etc/systemd/system/logmgmt.service %{buildroot}%{_unitdir}/logmgmt.service +install -p -D -m 644 scripts/etc/systemd/system/logmgmt.service %{buildroot}%{_unitdir}/logmgmt.service %post /usr/bin/systemctl enable logmgmt.service >/dev/null 2>&1 diff --git a/utilities/worker-utils/worker-utils/Makefile b/utilities/worker-utils/worker-utils/Makefile index 160d6b50..bb5460a8 100644 --- a/utilities/worker-utils/worker-utils/Makefile +++ b/utilities/worker-utils/worker-utils/Makefile @@ -29,5 +29,5 @@ install: install -p -D -m 755 topology $(BINDIR)/topology install -p -D -m 644 worker_reserved.conf $(PLATFORMCONFDIR)/worker_reserved.conf install -p -D -m 755 worker-goenabled.sh $(GOENABLEDDIR)/worker-goenabled.sh - install -p -D -m 664 affine-platform.sh.service $(SYSTEMDDIR)/affine-platform.sh.service - install -p -D -m 664 affine-tasks.service $(SYSTEMDDIR)/affine-tasks.service + install -p -D -m 644 affine-platform.sh.service $(SYSTEMDDIR)/affine-platform.sh.service + install -p -D -m 644 affine-tasks.service $(SYSTEMDDIR)/affine-tasks.service