author Bryn M. Reeves <bmr@redhat.com> 2012-12-12 19:06:40 +0000
committer Bryn M. Reeves <bmr@redhat.com> 2012-12-12 19:06:40 +0000
commit 7d3d1473510b07962ec04b6449fe18b8ace77c40 (patch)
tree 32e23afb7c129064ada2f55e115407375e1dd2a4 /man
parent 653ad8f21452a4d73ebe1664ae761e296690a0e9 (diff)
download sos-7d3d1473510b07962ec04b6449fe18b8ace77c40.tar.gz
Work around non-writable directories in host file systems
Distributions that have moved to reduced capabilities and replaced suid and sgid binaries with fscaps have tightened the permissions on several standard system paths. For e.g.:

    dr-xr-xr-x. 18 root root 4096 Nov 23 19:04 /
    -rw-r--r--.  1 root root 1174 Dec 11 18:05 /etc/passwd
    ----------.  1 root root  742 Dec 11 18:05 /etc/shadow
    dr-xr-x---.  8 root root 4096 Dec 12 19:06 /root

Processes that need to write to these paths on the host system must possess cap_dac_override in order to work but in the archive this creates problems when unpacking the archive without this capability.

For files this is not a problem since the user only requires write permissions to the containing directory to remove the file. For directories it causes real problems for unprivileged users working with sosreport archives. This includes problems unpacking the archive (since directories are created without write permissions causing subsequent file creation beneath that path to fail) as well as problems cleaning up archives as a typical 'rm -rf' fails to remove these paths.

These problems make it impossible to create archives that are both faithful to the host system and easy to work with for typical analysis users. Ultimately this may necessitate dropping permission preservation in the archive and instead storing these (and other information like ACLs and SELinux context) in files within the archive instead.

Works around Issue #85
Diffstat (limited to 'man')
0 files changed, 0 insertions, 0 deletions
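
The problem the commit message describes can be handled on the analyst's side as well. The following is an added example, not code from sos or from this commit: it unpacks an archive as an unprivileged user, forces owner write permission on every directory, and returns the modes recorded in the archive so they remain available for analysis. The function names and the sample archive are constructed for illustration.

```python
import io, os, shutil, tarfile, tempfile

def build_sample_archive():
    """Constructed sample: a tar holding a 0555 directory with one file in it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        d = tarfile.TarInfo("report/root")
        d.type, d.mode = tarfile.DIRTYPE, 0o555
        tar.addfile(d)
        data = b"constructed sample content\n"
        f = tarfile.TarInfo("report/root/notes.txt")
        f.size, f.mode = len(data), 0o644
        tar.addfile(f, io.BytesIO(data))
    buf.seek(0)
    return buf

def extract_owner_writable(fileobj, dest):
    """Extract directories and regular files, adding u+rwx to each directory.

    Returns {member name: mode recorded in the archive}. Other member types
    (symlinks, devices) are recorded but not created.
    """
    recorded = {}
    root = os.path.realpath(dest)
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for m in tar:
            target = os.path.realpath(os.path.join(root, m.name))
            # Refuse members that would land outside the destination.
            if os.path.commonpath([root, target]) != root:
                raise ValueError("member escapes destination: " + m.name)
            recorded[m.name] = m.mode
            if m.isdir():
                os.makedirs(target, exist_ok=True)
                os.chmod(target, m.mode | 0o700)  # keep it removable by the owner
            elif m.isreg():
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with tar.extractfile(m) as src, open(target, "wb") as out:
                    shutil.copyfileobj(src, out)
                os.chmod(target, m.mode & 0o777)
    return recorded

def demo():
    dest = tempfile.mkdtemp()
    modes = extract_owner_writable(build_sample_archive(), dest)
    dir_mode = os.stat(os.path.join(dest, "report/root")).st_mode & 0o777
    shutil.rmtree(dest)  # succeeds because every directory is owner-writable
    return modes, dir_mode, os.path.exists(dest)
```
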