Your message dated Thu, 03 Sep 2009 12:06:38 -0500
with message-id <[email protected]>
and subject line Re: policycoreutils - semanage does not set umask
has caused the Debian Bug report #524508,
regarding policycoreutils - semanage does not set umask
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
524508: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524508
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: policycoreutils
Version: 2.0.49-8
Severity: important

semanage does not set the umask for itself and does not fix the
permissions of rewritten files. This leads to an unreadable (for generic
user and therefore ssh) seusers file:
| -rw-r----- 1 root root 187 17. Apr 16:22 /etc/selinux/default/seusers

The pam module does not bail out on that but always assigns user_u for
users.

Bastian

-- 
Suffocating together ... would create heroic camaraderie.
                -- Khan Noonian Singh, "Space Seed", stardate 3142.8



--- End Message ---
--- Begin Message ---
Version: 2.0.69-2

On Tue, Sep 01 2009, Stephen Smalley wrote:

> On Sun, 2009-08-23 at 09:46 -0500, Manoj Srivastava wrote:
>> Hi,
>> 
>>         This has been reported to the Debian BTS.
>> 
>>         semanage does not set the umask for itself and does not fix the
>>  permissions of rewritten files. This leads to an unreadable (for generic
>>  user and therefore ssh) seusers file:
>>  -rw-r----- 1 root root 187 17. Apr 16:22 /etc/selinux/default/seusers
>> 
>>         The pam module does not bail out on that but always assigns
>>  user_u for users.
>> 
>>         manoj
>> 
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=524508
>
> When installing files such as seusers, semanage should be installing
> with a default file mode of 0644 or the file-mode specified
> by /etc/selinux/semanage.conf.
>
> Possibly the bug you are encountering is a consequence of the incorrect
> hard linking code introduced in libsemanage 2.0.31 that was reverted in
> libsemanage 2.0.35.
>
> commit 8edc3f9730aab6bd8f52dafb9686baddaac83954
> Author: Stephen Smalley <[email protected]>
> Date:   Wed Aug 5 11:19:29 2009 -0400
>
>     libsemanage: do not hard link files
>
>     Remove the support for hard linking files in semanage_copy_file, as it
>     is unsafe and can leave the active store corrupted if something goes
>     wrong during the transaction.  It also can leave the installed policy
>     files with incorrect file modes or security contexts.

        This can't be reproduced on the latest versions now.

        manoj
-- 
Manoj Srivastava <[email protected]> <http://www.golden-gryphon.com/>  
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


--- End Message ---
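
The symptom in this report, as an added example (not code from libsemanage or from anyone in the thread): a file created with a requested mode of 0644 ends up as 0640, matching the `-rw-r-----` listing above, when the creating process inherits a restrictive umask, unless the mode is set explicitly afterwards. The umask value 027, the scratch path under /tmp and the function name `rewritten_mode` are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* mkdtemp(), fchmod() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed sample line, not taken from the bug report. */
static const char SAMPLE[] = "__default__:user_u:s0\n";

/*
 * Create a scratch file the way a tool rewriting a policy file might,
 * under process umask `mask`, requesting mode `want`. With enforce != 0
 * the mode is then set explicitly with fchmod(), which ignores the umask.
 * Returns the resulting permission bits, or -1 on error.
 */
int rewritten_mode(mode_t mask, mode_t want, int enforce)
{
    char dir[] = "/tmp/seusers-demo-XXXXXX"; /* hypothetical scratch dir */
    char path[64];
    struct stat st;
    int fd, result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/seusers", dir);

    mode_t saved = umask(mask);              /* simulate the caller's umask */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, want);
    umask(saved);                            /* restore our own umask */
    if (fd >= 0) {
        if (write(fd, SAMPLE, strlen(SAMPLE)) == (ssize_t)strlen(SAMPLE) &&
            (!enforce || fchmod(fd, want) == 0) &&
            fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 07777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("umask 027, open() only:   %04o\n", (unsigned)rewritten_mode(027, 0644, 0));
    printf("umask 027, open()+fchmod: %04o\n", (unsigned)rewritten_mode(027, 0644, 1));
    return 0;
}
```
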