Colin Guthrie wrote on 01/09/2021 14:40:
Colin Guthrie wrote on 01/09/2021 14:30:
rpm -qa | xargs rpm --setugids >/dev/null 2>&1
Correction: --restore is actually needed over --setugids as although
only the latter is strictly needed, it seems without the former the
setuid bits on e.g. /usr/bin/su etc are also reset, so --restore is the
required option to not break things in different ways! Sadly it's even
slower than --setugids (takes almost twice as long)
To get a little more exposure on this issue, I've opened
https://github.com/systemd/mkosi/issues/805
Cheers
Col
