- **status**: review --> fixed
- **assigned_to**: Hans Feldt --> nobody
- **Comment**:
changeset: 5966:0fb0d27bde70
branch: opensaf-4.3.x
parent: 5956:b8dfd4a2cc01
user: Hans Feldt <[email protected]>
date: Fri Sep 26 08:53:42 2014 +0200
summary: base: remove setgid/setuid calls in execute_timed [#1138]
changeset: 5967:1ba02b3bf85a
branch: opensaf-4.4.x
parent: 5959:59a26ad0410f
user: Hans Feldt <[email protected]>
date: Fri Sep 26 08:53:42 2014 +0200
summary: base: remove setgid/setuid calls in execute_timed [#1138]
changeset: 5968:8adcf25b25a4
branch: opensaf-4.5.x
parent: 5962:c7427848a172
user: Hans Feldt <[email protected]>
date: Fri Sep 26 08:53:42 2014 +0200
summary: base: remove setgid/setuid calls in execute_timed [#1138]
changeset: 5969:ead18326c13b
tag: tip
parent: 5965:1c0e1876ef7b
user: Hans Feldt <[email protected]>
date: Fri Sep 26 08:53:42 2014 +0200
summary: base: remove setgid/setuid calls in execute_timed [#1138]
---
** [tickets:#1138] opensaf as non root cannot be started in a container**
**Status:** fixed
**Milestone:** 4.3.3
**Created:** Fri Sep 26, 2014 06:43 AM UTC by Hans Feldt
**Last Updated:** Fri Sep 26, 2014 06:53 AM UTC
**Owner:** nobody
OpenSAF (non root) fails to start in a linux container. Reason is that AMF
started components such as SMFD runs as opensaf/opensaf but get changed to
whatever the binaries was installed as. The start fails because the processes
cannot write their PID files into the directory /var/run/opensaf which is owned
by opensaf.
This was a not so well thought idea in ncs_os_process_execute_timed() that was
supposed to get more security.
Besides these are system calls executed in between fork() and exec() which we
have had lots of problems with before.
This "feature" should be removed.
---
Sent from sourceforge.net because [email protected] is
subscribed to https://sourceforge.net/p/opensaf/tickets/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/opensaf/admin/tickets/options. Or, if this is a
mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Opensaf-tickets mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opensaf-tickets
