Project

General

Profile

Actions

Bug #13815

closed

Trusted extensions /etc/security/tsol/label_encodings file installed with wrong permissions during gate build

Added by Klaus Ziegler about 1 year ago. Updated 12 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
system data
Start date:
Due date:
% Done:

100%

Estimated time:
1.00 h
Difficulty:
Bite-size
Tags:
label_encodings wrong perm CLOSED_ROOT
Gerrit CR:

Description

During a illumos-gate build, trusted extensions: /etc/security/tsol/label_encodings file is installed with the wrong permissions. The closed binary archive includes this file with permissions r--r--r but the mainfest expects it to be r--------.

Actions #1

Updated by Electric Monk about 1 year ago

  • Gerrit CR set to 1504
Actions #2

Updated by Klaus Ziegler 12 months ago

The OpenIndiana illumos-closed package delivers /etc/security/tsol/label_encodings with wrong permissions:
klausz@legolas % ls l /opt/onbld/closed/root_i386-nd/etc/security/tsol/label_encodings
-r--r--r-
1 root bin 2966 Feb. 18 15:50 /opt/onbld/closed/root_i386-nd/etc/security/tsol/label_encodings
To change the permission in the OI illumos-closed package isn't an option, because we normally build the gate a non privileged
user and therefore wouldn't be able to read the file from /opt with perms 0400.
Note: it only happens if you set CLOSED_ROOT and not ON_CLOSED_BINS in the build .env file.

Actions #3

Updated by Electric Monk 12 months ago

  • Status changed from New to Closed
  • % Done changed from 80 to 100

git commit 05c0ef072824e9e875c8b4ba7db90d3d270fccf7

commit  05c0ef072824e9e875c8b4ba7db90d3d270fccf7
Author: Klaus Ziegler <klausz@haus-gisela.de>
Date:   2021-06-01T02:20:35.000Z

    13815 Trusted extensions /etc/security/tsol/label_encodings file installed with wrong permissions during gate build
    Reviewed by: Andy Fiddaman <andy@omnios.org>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Robert Mustacchi <rm@fingolfin.org>

Actions

Also available in: Atom PDF