diff options
author | Bryn M. Reeves <bmr@redhat.com> | 2012-12-12 19:06:40 +0000 |
---|---|---|
committer | Bryn M. Reeves <bmr@redhat.com> | 2012-12-12 19:06:40 +0000 |
commit | 7d3d1473510b07962ec04b6449fe18b8ace77c40 (patch) | |
tree | 32e23afb7c129064ada2f55e115407375e1dd2a4 /Makefile | |
parent | 653ad8f21452a4d73ebe1664ae761e296690a0e9 (diff) | |
download | sos-7d3d1473510b07962ec04b6449fe18b8ace77c40.tar.gz |
Work around non-writable directories in host file systems
Distributions that have moved to reduced capabilities and replaced
suid and sgid binaries with fscaps have tightened the permissions
on several standard system paths. For e.g.:
dr-xr-xr-x. 18 root root 4096 Nov 23 19:04 /
-rw-r--r--. 1 root root 1174 Dec 11 18:05 /etc/passwd
----------. 1 root root 742 Dec 11 18:05 /etc/shadow
dr-xr-x---. 8 root root 4096 Dec 12 19:06 /root
Processes that need to write to these paths on the host system
must possess cap_dac_override in order to work but in the archive
this creates problems when unpacking the archive without this
capability.
For files this is not a problem since the user only requires write
permissions to the containing directory to remove the file. For
directories it causes real problems for unprivileged users working
with sosreport archives.
This includes problems unpacking the archive (since directories
are created without write permissions causing subsequent file
creation beneath that path to fail) as well as problems cleaning
up archives as a typical 'rm -rf' fails to remove these paths.
These problems make it impossible to create archives that are both
failthful to the host system and easy to work with for typical
analysis users. Ultimately this may necessitate dropping permission
preservation in the archive and instead storing these (and other
information like ACLs and SELinux context) in files within the
archive instead).
Works around Issue #85
Diffstat (limited to 'Makefile')
0 files changed, 0 insertions, 0 deletions