Hi *,
I have a few question regarding the files /etc/permissions* and chkstat
on a Tumbleweed system:
According to the man pages and docs, chkstat is called whenever a
configuration change was made. And chkstat should look into
/etc/sysconfig/security to find the permissions.<type> file(s) to use.
I have configured
PERMISSION_SECURITY="easy local"
PERMISSION_FSCAPS="yes"
in my /etc/sysconfig/security file so chstat should use
/etc/permissions.easy and
/etc/permissions.local
and it should honour capability settings in these files.
In /etc/permissions.local I have
/usr/bin/gnome-keyring-daemon root:root 0755
+capabilities cap_ipc_lock=+ep
But everytime an update for the gnome-keyring package gets installed,
the keyring daemon misses the configured capabilities.
So obviously chkstat isn't called in this case.
What configurations changes are meant by the docs then?
Shouldn't zypper also call chkstat after installation of all new
packages?
Or do I misunderstand the intention of the permissions package including
chkstat?
Thx and bye.
Michael.
--
Michael Hirmke
--
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org