rpms / systemd

Clone
Source Code
GIT

Blame 0138-importd-add-CAP_DAC_OVERRIDE-capability.patch

c10s-sig-hyperscale c10s-sig-hyperscale-v255 c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-atomic-beta c7-beta c7-sig-altarch-fasttrack c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale c9s-sig-hyperscale-v255
  1.   ef7b485f69bd70708360c62c85342f4a6672cb84
  2.   0138-importd-add-CAP_DAC_OVERRIDE-capability.patch
Blob History Raw
Zbigniew Jędrzejewski-Szmek ef7b48 
From 989f43ac4c07d47147facd62d3703d3d97b50e01 Mon Sep 17 00:00:00 2001
Zbigniew Jędrzejewski-Szmek ef7b48 
From: Lubomir Rintel <lkundrak@v3.sk>
Zbigniew Jędrzejewski-Szmek ef7b48 
Date: Mon, 13 Apr 2015 19:46:59 +0200
Zbigniew Jędrzejewski-Szmek ef7b48 
Subject: [PATCH] importd: add CAP_DAC_OVERRIDE capability
Zbigniew Jędrzejewski-Szmek ef7b48
Zbigniew Jędrzejewski-Szmek ef7b48 
Fedora's filesystem package ships /usr/bin (and other directories) which are
Zbigniew Jędrzejewski-Szmek ef7b48 
not writable by its owner. machinectl pull-dkr (and possibly others) are not
Zbigniew Jędrzejewski-Szmek ef7b48 
able to extract those:
Zbigniew Jędrzejewski-Szmek ef7b48
Zbigniew Jędrzejewski-Szmek ef7b48 
  14182 mkdirat(3, "usr", 0700)           = 0
Zbigniew Jędrzejewski-Szmek ef7b48 
  14182 mkdirat(3, "usr/bin", 0500)       = 0
Zbigniew Jędrzejewski-Szmek ef7b48 
  14182 openat(3, "usr/bin/[", O_WRONLY|O_CREAT|O_EXCL|O_NOCTTY|O_NONBLOCK|O_CLOEXEC, 0700) = -1 EACCES (Permission denied)
Zbigniew Jędrzejewski-Szmek ef7b48 
  ...
Zbigniew Jędrzejewski-Szmek ef7b48
Zbigniew Jędrzejewski-Szmek ef7b48 
(cherry picked from commit 15d7b51724cc9775f03f2af4d3eec7f48f39f7de)
Zbigniew Jędrzejewski-Szmek ef7b48 
---
Zbigniew Jędrzejewski-Szmek ef7b48 
 units/systemd-importd.service.in | 2 +-
Zbigniew Jędrzejewski-Szmek ef7b48 
 1 file changed, 1 insertion(+), 1 deletion(-)
Zbigniew Jędrzejewski-Szmek ef7b48
Zbigniew Jędrzejewski-Szmek ef7b48 
diff --git a/units/systemd-importd.service.in b/units/systemd-importd.service.in
Zbigniew Jędrzejewski-Szmek ef7b48 
index 26759ea0fb..45e98fd320 100644
Zbigniew Jędrzejewski-Szmek ef7b48 
--- a/units/systemd-importd.service.in
Zbigniew Jędrzejewski-Szmek ef7b48 
+++ b/units/systemd-importd.service.in
Zbigniew Jędrzejewski-Szmek ef7b48 
@@ -12,7 +12,7 @@ Documentation=man:systemd-importd.service(8)
Zbigniew Jędrzejewski-Szmek ef7b48 
 [Service]
Zbigniew Jędrzejewski-Szmek ef7b48 
 ExecStart=@rootlibexecdir@/systemd-importd
Zbigniew Jędrzejewski-Szmek ef7b48 
 BusName=org.freedesktop.import1
Zbigniew Jędrzejewski-Szmek ef7b48 
-CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP
Zbigniew Jędrzejewski-Szmek ef7b48 
+CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE
Zbigniew Jędrzejewski-Szmek ef7b48 
 NoNewPrivileges=yes
Zbigniew Jędrzejewski-Szmek ef7b48 
 WatchdogSec=1min
Zbigniew Jędrzejewski-Szmek ef7b48 
 PrivateTmp=yes

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation