Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-5631

avahi package has incorrect owner:group defined in payload for /var/run/avahi-daemon

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • rhel-8.10.z
    • rhel-8.6.0
    • avahi
    • avahi-0.7-27.el8_10.1
    • None
    • None
    • rhel-sst-cs-plumbers
    • ssg_core_services
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • If docs needed, set a value
    • None

      Description of problem:
      When installing the avahi rpm, the provided /var/run/avahi-daemon directory has root:root ownership as seen in 'rpm -qlv | grep avahi' output. Once the service is started, ownership is changed to avahi:avahi. This causes a CAT I STIG security finding.

      Version-Release number of selected component (if applicable):
      avahi-0.7-20.el8.x86_64

      How reproducible:
      Every time

      Steps to Reproduce:
      1. dnf install avahi
      2. "rpm -qlv avahi | grep 'var/run/avahi-daemon'" and note ownership
      3. systemctl start avahi-daemon
      4. "ls -ld /var/run/avahi-daemon" and note difference in ownership

      Actual results:
      Ownership in provided /var/run/avahi-daemon differ from /var/run/avahi-daemon after starting the service

      Expected results:
      Ownership in provided /var/run/avahi-daemon match the same after starting the service

      Additional info:
      The same or similar issue was previously reported in RHEL 7 but was designated 'wontfix'. Bug 1770402. I could not find this reported in RHEL 8, but hopefully I did not miss something if it has been.

              msekleta@redhat.com Michal Sekletar
              rhn-support-ngarrett Neil Garrett
              Michal Sekletar Michal Sekletar
              Daniel Rusek Daniel Rusek
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: