Mailinglist Archive: opensuse-bugs (4376 mails)
| < Previous | Next > |
[Bug 682244] AUDIT-0: [11.5] review gnome-keyring
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Thu, 5 May 2011 17:19:22 +0000
- Message-id: <20110505171922.3675E24551E@molor.provo.novell.com>
https://bugzilla.novell.com/show_bug.cgi?id=682244
https://bugzilla.novell.com/show_bug.cgi?id=682244#c7
--- Comment #7 from Vincent Untz <vuntz@xxxxxxxxxx> 2011-05-05 17:19:21 UTC ---
(In reply to comment #6)
please package the file without fscaps and prepare the package for setuid
operation as usual. The chkstat program of the permissions package will at run
time automatically determine whether to turn on fscaps or use setuid. So the
program should be prepared to deal with both situations.
Just to clarify, is this what you expect:
- package %{_bindir}/gnome-keyring-daemon with "%verify(not mode caps)" but no
specific %attr nor %caps
- use a %post with:
%set_permissions %{_bindir}/gnome-keyring-daemon
- use a %verifyscript:
%verify_permissions -e %{_bindir}/gnome-keyring-daemon
As far as I can tell, the app can deal with both fscaps and setuid. However, if
it's not setuid and there's no fscap, it will simply refuse to run as it
considers it needs ipc_lock to operate securely (since it deals with storing
passwords and other sensitive data).
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
| < Previous | Next > |