Bug ID 1150366
Summary AUDIT-1: ceph-common: review of setgid directory /var/log/ceph
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter matthias.gerstner@suse.com
QA Contact qa-bugs@suse.de
CC jsegitz@suse.com, malte.kraus@suse.com, matthias.gerstner@suse.com, ncutler@suse.com
Blocks 1150189
Found By ---
Blocker --- 

+++ This bug was initially created as a clone of Bug #1150189
Like discussed in the proactive security team we want to catch up with
packages installing set*id items that haven't been whitelisted yet in the
permissions package. Formerly this rpmlint check type didn't cause badness and
therefore didn't require packagers to actually have them reviewed.

ceph-common is one of the packages installing a setgid directory that isn't
currently whitelisted:

/var/log/ceph drwxrws--T from ceph-common-14.2.2.354+g8878cf2360-1.1.x86_64.rpm

The secure use of this directory needs to be reviewed and if all is good a
whitelisting entry in all our permission profiles must be added.

You are receiving this mail because: