Bug 1422542

Summary: Missing chdir call after chroot
Product: [Fedora] Fedora Reporter: Jiří Vymazal <jvymazal>
Component: rsyslogAssignee: Jiří Vymazal <jvymazal>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 26CC: dkopecek, jlieskov, jvymazal, lkundrak, mah.darade, rsroka, tosykora
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: rsyslog-8.25.0-2.fc24 rsyslog-8.25.0-2.fc25 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-13 23:50:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
proposed patch
none
proposed patch none

Description Jiří Vymazal 2017-02-15 13:59:14 UTC 
Description of problem:
Rsyslog has (with the -T cmd-line option) option to perform chroot call immediately after starting. However it does not perform any chdir call before or after it. This is violating security policy imposed by rpmlint to prevent processes easy chroot jail escape.


Steps to Reproduce:
1. run rpmlint on any rsyslog RPM

Actual results:
rsyslog.x86_64: E: missing-call-to-chdir-with-chroot /usr/sbin/rsyslogd

Expected results:
no errors reported

Additional info:
Comment 1 Jiří Vymazal 2017-02-15 15:34:49 UTC 
Created attachment 1250635 [details]
proposed patch
Comment 2 Jiří Vymazal 2017-02-15 15:35:40 UTC 
added patch and corresponding upstream issue
Comment 3 Jiří Vymazal 2017-02-17 09:16:51 UTC 
patch pushed to rawhide in rsyslog 8.24.0-5
Comment 4 Jiří Vymazal 2017-02-20 12:56:30 UTC 
Created attachment 1255677 [details]
proposed patch
Comment 5 Jiří Vymazal 2017-02-20 12:57:33 UTC 
corrected typo in patch, also fixed in rawhide in rsyslog 8.24.0-6
Comment 6 Fedora End Of Life 2017-02-28 11:18:21 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle.
Changing version to '26'.
Comment 7 Fedora Update System 2017-03-02 13:21:56 UTC 
rsyslog-8.25.0-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2d16edab7
Comment 8 Fedora Update System 2017-03-02 13:22:39 UTC 
rsyslog-8.25.0-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-92e2b77ddc
Comment 9 Fedora Update System 2017-03-03 04:53:33 UTC 
rsyslog-8.25.0-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2d16edab7
Comment 10 Fedora Update System 2017-03-03 05:24:11 UTC 
rsyslog-8.25.0-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-92e2b77ddc
Comment 11 Fedora Update System 2017-03-13 23:50:30 UTC 
rsyslog-8.25.0-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2017-03-13 23:54:42 UTC 
rsyslog-8.25.0-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2017-03-14 02:21:02 UTC 
rsyslog-8.25.0-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.