Bug ID | 1048645 |
---|---|
Summary | Missing setuid bit on `newuidmap` and `newgidmap` binaries |
Classification | openSUSE |
Product | openSUSE Tumbleweed |
Version | Current |
Hardware | x86-64 |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Basesystem |
Assignee | bnc-team-screening@forge.provo.novell.com |
Reporter | evan@evanw.org |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
I tried launching a new Fedora LXC container on a fresh Tumbleweed install and got errors about `newuidmap` and/or `newgidmap` having incorrect permissions. > lxc_conf - conf.c:lxc_map_ids:3377 - Either one or both of the newuidmap and newgidmap binaries do not exist or are missing necessary privilege According to this Github issue, they should both have permissions 04755: https://github.com/lxc/lxc/issues/1555 However, `stat` reports that they instead are 0755: > localhost:/home/plug # stat `which newuidmap` > File: /usr/bin/newuidmap > Size: 37888 Blocks: 80 IO Block: 4096 regular file > Device: 28h/40d Inode: 50857 Links: 1 > Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 15/ shadow) > Access: 2017-06-23 03:17:12.000000000 -0400 > Modify: 2017-06-23 03:17:12.000000000 -0400 > Change: 2017-07-13 18:47:16.284028298 -0400 > Birth: - > localhost:/home/plug # stat `which newgidmap` > File: /usr/bin/newgidmap > Size: 37888 Blocks: 80 IO Block: 4096 regular file > Device: 28h/40d Inode: 50855 Links: 1 > Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 15/ shadow) > Access: 2017-06-23 03:17:12.000000000 -0400 > Modify: 2017-06-23 03:17:12.000000000 -0400 > Change: 2017-07-13 18:47:16.280028298 -0400 > Birth: - System Info: > localhost:/home/plug # cat /etc/*release > NAME="openSUSE Tumbleweed" > # VERSION="20170710" > ID=opensuse > ID_LIKE="suse" > VERSION_ID="20170710" > PRETTY_NAME="openSUSE Tumbleweed" > ANSI_COLOR="0;32" > CPE_NAME="cpe:/o:opensuse:tumbleweed:20170710" > BUG_REPORT_URL="https://bugs.opensuse.org" > HOME_URL="https://www.opensuse.org/" > localhost:/home/plug # uname -a > Linux localhost 4.11.8-1-default #1 SMP PREEMPT Thu Jun 29 14:37:33 UTC 2017 (42bd7a0) x86_64 x86_64 x86_64 GNU/Linux