Bug 213074

Summary: wrong permissions on /etc/setroubleshoot
Product: [Fedora] Fedora Reporter: Ben Liblit <liblit>
Component: setroubleshootAssignee: John Dennis <jdennis>
Status: CLOSED NEXTRELEASE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: medium    
Version: 6   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-10-31 15:43:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ben Liblit 2006-10-30 18:55:34 UTC
+++ This bug was initially created as a clone of Bug #211802 +++

Description of problem:


Version-Release number of selected component (if applicable):

setroubleshoot-1.0-1


How reproducible:

Consistently reproducible.


Steps to Reproduce:
1. remove the setroubleshoot rpm
2. manually remove the /etc/setroubleshoot directory
3. reinstall the setroubleshoot rpm
4. as non-root, run "sealert"

Actual results:

Script fails due to insufficient permissions on /etc/setroubleshoot directory,
and prints the following diagnostic output:

  Traceback (most recent call last):
    File "/usr/bin/sealert", line 45, in ?
      from setroubleshoot.browser import *
    File "/usr/lib/python2.4/site-packages/setroubleshoot/__init__.py", line 20,
in ?
      config_init()
    File "/usr/lib/python2.4/site-packages/setroubleshoot/config.py", line 303,
in config_init
      cfg = read_configuration(defaults)
    File "/usr/lib/python2.4/site-packages/setroubleshoot/config.py", line 317,
in read_configuration
      cfg.set(default_section,default_option,value)
    File "/usr/lib/python2.4/ConfigParser.py", line 639, in set
      raise TypeError("option values must be strings")
  TypeError: option values must be strings


Expected results:

Script should run as non-root.  Directory containing required configuration file
should be world readable and world executable.

Additional info:

setroubleshoot package does not claim to own the /etc/setroubleshoot directory.
 The directory is created at package install time, but with permissions that do
not allow access by non-root users.  Incidentally, this will also cause the
directory to be left behind, empty, should setroubleshoot be uninstalled later.

Comment 1 John Dennis 2006-10-31 15:43:20 UTC
Thank you for taking the time to diagnose and report the problem, it is very
much appreciated. I have applied the fix to the source tree and it will appear
in the next update.