Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-77785

tss group should not be defined through nss-altfiles

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Undefined Undefined
    • None
    • rhel-10.0
    • tpm2-tss
    • None
    • No
    • None
    • rhel-kernel-security
    • ssg_core_kernel
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • All
    • None

      What were you trying to do that didn't work?

      Because the tss group is defined through nss-altfiles in /usr/lib/group, other packages (like keylime) that need their systemd-sysusers created account to be added to tss group cannot do that.

      tpm2-tss already ships the sysusers conf file so probably the group should be created this way.

      Please, see additional details on the issue in https://issues.redhat.com/browse/BIFROST-618

      What is the impact of this issue to you?

      cannot add keylime user to the tss group on a system in image mode.

      Please provide the package NVR for which the bug is seen:

      tpm2-tss-4.1.3-5.el10

      How reproducible is this bug?:

      always

      Steps to reproduce

      1. see reproducer in https://issues.redhat.com/browse/BIFROST-618
      2.  
      3.  

      Expected results

      tss group is created dynamically, keylime user can be added to tss group

      Actual results

      tss group is hardcoded in /usr/lib/group, keylime cannot be added to the group

              shoracek@redhat.com Štěpán Horáček
              ksrot@redhat.com Karel Srot
              Štěpán Horáček Štěpán Horáček
              Vilem Marsik Vilem Marsik
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: