RHEL-106023

/usr/share/keylime/tpm_cert_store has incorrect ownership in RHEL image mode



      When installing keylime on an existing RHEL image mode system, /usr/share/keylime/tpm_cert_store may not be owned by the keylime user/group.

      dr-x------. 2 986 keylime 1341 Jan 1 1970 /usr/share/keylime/tpm_cert_store

      This applies to /usr/libexec/keylime/ as well.

      The problem is that these directories are under /usr, which is read-only, therefore we cannot set the ownership through tmpfiles.d.

      It seems that the content under /usr should be owned by root:root and permissions should be updated accordingly:
      755 for /usr/libexec/keylime/
      644 for /usr/share/keylime/tpm_cert_store/*

              scorreia@redhat.com Sergio Correia
              ksrot@redhat.com Karel Srot
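A check for the ownership and modes proposed in the description, as an added example that is not part of the issue or of keylime's packaging. The helper names `audit_tree` and `audit_keylime` are hypothetical, GNU `find -printf` is assumed, and modes the issue does not state are left unchecked (`-`).

```shell
#!/bin/sh
# Added example: audit a tree against the ownership/modes proposed in the issue.
# Assumes GNU find (-printf). audit_tree/audit_keylime are hypothetical names.

# audit_tree DIR DIR_MODE FILE_MODE [UID:GID]
# A mode of "-" skips that check. Prints one line per deviation.
# Returns 0 if clean, 1 on deviations, 2 if DIR is missing.
audit_tree() {
    dir=$1; dmode=$2; fmode=$3; owner=${4:-0:0}   # default root:root
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    # Numeric IDs are compared so an unmapped UID (986 in the listing) shows up.
    out=$(find "$dir" -printf '%U:%G %m %y %p\n' |
        while read -r own mode kind p; do
            case $kind in
                d) want=$dmode ;;
                f) want=$fmode ;;
                *) continue ;;        # symlinks etc. are not checked
            esac
            [ "$own" = "$owner" ] || echo "OWNER $own (want $owner) $p"
            [ "$want" = "-" ] || [ "$mode" = "$want" ] ||
                echo "MODE $mode (want $want) $p"
        done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# The two paths named in the issue, with the modes it proposes.
audit_keylime() {
    rc=0
    audit_tree /usr/libexec/keylime 755 - || rc=1
    audit_tree /usr/share/keylime/tpm_cert_store - 644 || rc=1
    return $rc
}

# Run the audit only when asked, e.g.: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_keylime
fi
```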