RHEL-106023

/usr/share/keylime/tpm_cert_store has incorrect ownership in RHEL image mode


    • keylime-7.12.1-14.el10
    • No
    • Moderate
    • rhel-security-special-projects
    • 26
    • 1
    • QE ack
    • False
    • False
    • No
    • None
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      When installing keylime on an existing RHEL image mode system, /usr/share/keylime/tpm_cert_store may not be owned by the keylime user/group.

      dr-x------. 2 986 keylime 1341 Jan 1 1970 /usr/share/keylime/tpm_cert_store

      This applies to /usr/libexec/keylime/ as well.

      The problem is that these directories are under /usr, which is read-only; therefore we cannot set the ownership through tmpfiles.d.

      Seems that the content under /usr should be owned by root:root and permissions should be updated accordingly:
      755 for /usr/libexec/keylime/
      644 for /usr/share/keylime/tpm_cert_store/*

              scorreia@redhat.com Sergio Correia
              ksrot@redhat.com Karel Srot
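An added example, not part of the original report or of Keylime itself: a small audit that walks the two directories named above and lists entries whose owner or mode differs from what the report proposes (root:root, 755 for /usr/libexec/keylime/, 644 for files in the certificate store). The names `POLICY`, `owner_name` and `audit` are hypothetical.

```python
import os
import pwd
import stat

# Paths, modes and root:root ownership as proposed in the report above.
# None means the report gives no mode for that kind of entry, so it is not checked.
POLICY = {
    "/usr/libexec/keylime": {"dir_mode": 0o755, "file_mode": None},
    "/usr/share/keylime/tpm_cert_store": {"dir_mode": None, "file_mode": 0o644},
}

def owner_name(uid):
    """Resolve a UID; a number with no passwd entry (like 986 above) is reported as unmapped."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return f"unmapped uid {uid}"

def audit(path, dir_mode=None, file_mode=None, uid=0, gid=0):
    """Return (entry, problem) tuples for everything under path that breaks the policy."""
    if not os.path.lexists(path):
        return [(path, "missing")]
    entries = [path]
    for root, dirs, files in os.walk(path):
        entries += [os.path.join(root, name) for name in dirs + files]
    findings = []
    for entry in entries:
        st = os.lstat(entry)
        if (st.st_uid, st.st_gid) != (uid, gid):
            owner = f"{owner_name(st.st_uid)} (gid {st.st_gid})"
            findings.append((entry, f"owner {owner}, expected {uid}:{gid}"))
        # dir_mode applies to the top directory only, file_mode to regular files below it.
        if entry == path and stat.S_ISDIR(st.st_mode):
            want = dir_mode
        elif stat.S_ISREG(st.st_mode):
            want = file_mode
        else:
            want = None
        mode = stat.S_IMODE(st.st_mode)
        if want is not None and mode != want:
            findings.append((entry, f"mode {mode:o}, expected {want:o}"))
    return findings

if __name__ == "__main__":
    for path, modes in POLICY.items():
        for entry, problem in audit(path, **modes):
            print(f"{entry}: {problem}")
```

Run as a script on the affected system, it prints one line per deviating entry and nothing when both trees match the proposed ownership and modes.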