http://bugzilla.suse.com/show_bug.cgi?id=1171879 Bug ID: 1171879 Summary: screen: /var/run/uscreens conflict between systemd-tmpfiles and permissions entries Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: mls@suse.com Reporter: matthias.gerstner@suse.com QA Contact: qa-bugs@suse.de CC: alexander_naumov@opensuse.org, security-team@suse.de Found By: --- Blocker: --- There is an ongoing effort to cleanup the entries in the permissions profiles. In this context we found out that the screen package is currently using two different mechanisms for setting the permissions of /var/run/uscreens. Original the permissions have been set via the permissions package which uses the following paths and settings in its different profiles: permissions.paranoid: /var/run/uscreens/ root:trusted 1775 permissions.paranoid: /run/uscreens/ root:trusted 1775 permissions.easy: /var/run/uscreens/ root:root 1777 permissions.easy: /run/uscreens/ root:root 1777 permissions.secure: /var/run/uscreens/ root:root 1777 permissions.secure: /run/uscreens/ root:root 1777 For a long time already screen also ships a tmpfiles.d entry which currently looks like this: $ cat /usr/lib/tmpfiles.d/screen.conf # Screen needs some files in /run: d /run/screens 0755 root root - d /run/uscreens 1777 root root - Luckily the permissions are the same for the easy and secure permissions profiles. If anybody is using the paranoid profile then `systemd-tmpfiles` and `chkstat` will fight against each other and switch the directory's mode back and forth. I suggest to rely only on the tmpfiles.d entry in the future. Therefore I'd remove the above entries from all permissions profiles. For this I'd like to get your input if this is okay for you. Furthermore you need to remove the invocations of `%set_permissions` and `%verify_permissions` from the screen package's spec file. -- You are receiving this mail because: You are on the CC list for the bug.