| ID | Project | Category | View Status | Date Submitted | Last Update | |||
| 0005845 | CentOS-5 | sudo | public | 2012-07-17 10:48 | 2012-08-07 19:48 | |||
| Reporter | ikseno | |||||||
| Priority | urgent | Severity | major | Reproducibility | always | |||
| Status | resolved | Resolution | fixed | |||||
| Platform | OS | OS Version | ||||||
| Product Version | 5.8 | |||||||
| Target Version | Fixed in Version | |||||||
| Summary | 0005845: Update of sudo sets wrong SELinux context on /etc/nsswitch.conf | |||||||
| Description | An update of sudo to version 1.7.2p1-14.el5_8 sets the SELinux context on /etc/nsswitch.conf to rpm_script_tmp_t, breaking things. 'restorecon /etc/nsswitch.conf' fixes this. | |||||||
| Steps To Reproduce | (Needs updated CentOS 5.8 without the just released update to sudo. sudo version prior to update is: 1.7.2p1-13.el5)
$ ls -Z /etc/nsswitch.conf
-rw-r--r-- root root root:object_r:etc_t nsswitch.conf
$ yum -y update sudo
$ ls -Z /etc/nsswitch.conf
-rw-r--r-- root root root:object_r:rpm_script_tmp_t nsswitch.conf |
| Additional Information | I noticed that autofs did not work on a couple of machines where I just applied the current update of sudo. (Update to version 1.7.2p1-14.el5_8). Output in /var/log/messages would look like:
... automount[3010]: lookup_nss_mount: can't to read name service switch config.
... automount[3010]: nsswitch_parse:173: couldn't open /etc/nsswitch.conf
Nothing in audit.log — maybe dontaudit rule? |
Notes |
(0015477) ikseno (reporter) 2012-07-17 11:06 |
I guess the culprit is the %postun script (affecting both versions of the package), which creates a file in %{_tmppath} and moves it later to /etc/nsswitch.conf:

```
%postun
# Remove the "sudoers:" line from nsswitch.conf if it's not modified
if grep -q %{nsswitch_regex} "%{nsswitch_path}"; then
    rm -f "%{nsswitch_tmppath}" && \
    touch "%{nsswitch_tmppath}" && \
    grep -v %{nsswitch_regex} "%{nsswitch_path}" > "%{nsswitch_tmppath}" && \
    mv -f "%{nsswitch_tmppath}" "%{nsswitch_path}"
fi
```
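The mechanism the note above points at, as an added shell example (not part of the original report or of the sudo package): renaming a temp file over the target makes the path name the temp file's inode, and the SELinux label is stored on the inode (the `security.selinux` xattr), so the label of the temp location comes along. The scratch paths, sample file contents and function names are constructed for illustration, with a `tmp` subdirectory standing in for `%{_tmppath}`; inode numbers stand in for the label so the script runs without SELinux.

```shell
#!/bin/sh
# Added illustration. All paths live in a scratch directory; "tmp" stands in
# for %{_tmppath} and "etc/nsswitch.conf" for the real file.

inode_of() { ls -i "$1" | awk '{ print $1 }'; }

# Pattern used by the %postun script: filter into a temp file, then rename it
# over the target. The target path now names the temp file's inode, carrying
# whatever label that inode was given when it was created.
strip_line_mv() {    # usage: strip_line_mv REGEX FILE TMPFILE
    rm -f "$3" && touch "$3" || return 1
    grep -v "$1" "$2" > "$3" || [ "$?" -eq 1 ] || return 1
    mv -f "$3" "$2"
}

# Same filter, but the result is copied back into the existing inode, so its
# owner, mode and security.selinux xattr are left untouched.
strip_line_inplace() {    # usage: strip_line_inplace REGEX FILE TMPFILE
    rm -f "$3" && touch "$3" || return 1
    grep -v "$1" "$2" > "$3" || [ "$?" -eq 1 ] || return 1
    cat "$3" > "$2" && rm -f "$3"
}

# Run one method on a constructed nsswitch.conf and print "same" or
# "replaced", depending on whether the path still names the original inode.
inode_fate() {    # usage: inode_fate mv|inplace
    dir=$(mktemp -d) || return 1
    mkdir "$dir/tmp" "$dir/etc"
    conf="$dir/etc/nsswitch.conf"
    printf 'passwd: files\nsudoers: files ldap\nhosts: files dns\n' > "$conf"
    before=$(inode_of "$conf")
    "strip_line_$1" '^sudoers:' "$conf" "$dir/tmp/nsswitch.conf.bak"
    after=$(inode_of "$conf")
    if grep -q '^sudoers:' "$conf"; then result="unfiltered"
    elif [ "$before" = "$after" ]; then result="same"
    else result="replaced"; fi
    rm -rf "$dir"
    echo "$result"
}

for m in mv inplace; do
    echo "$m: $(inode_fate "$m")"
done
```

The in-place write is not atomic, so a script that keeps the rename for that reason has to relabel the file afterwards, which is what `restorecon /etc/nsswitch.conf` does in the report.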
|
(0015479) range (administrator) 2012-07-17 15:12 |
See https://bugzilla.redhat.com/show_bug.cgi?id=818585 - CentOS will fix it when RH does. |
|
(0015596) toracat (developer) 2012-08-07 19:48 |
The patched version of sudo came out today:
http://rhn.redhat.com/errata/RHSA-2012-1149.html
http://lists.centos.org/pipermail/centos-announce/2012-August/018791.html |
Issue History |
| Date Modified | Username | Field | Change |
| 2012-07-17 10:48 | ikseno | New Issue | |
| 2012-07-17 11:06 | ikseno | Note Added: 0015477 | |
| 2012-07-17 15:12 | range | Note Added: 0015479 | |
| 2012-08-07 19:48 | toracat | Note Added: 0015596 | |
| 2012-08-07 19:48 | toracat | Status | new => resolved |
| 2012-08-07 19:48 | toracat | Resolution | open => fixed |