Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1480791 - /usr/libexec/sesh -> /usr/libexec/sudo/sesh needs policy update
/usr/libexec/sesh -> /usr/libexec/sudo/sesh needs policy update
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy (Show other bugs)
7.4
All Linux
high Severity high
: rc
: ---
Assigned To: Lukas Vrabec
Milos Malik
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-11 17:47 EDT by Chris Cheney
Modified: 2018-04-10 08:40 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-04-10 08:38:21 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
rhel-7.3 -> rhel-7.4 files section changes (763 bytes, patch)
2017-08-14 06:40 EDT, Daniel Kopeček 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0763 None None None 2018-04-10 08:40 EDT

  None (edit)
Description Chris Cheney 2017-08-11 17:47:14 EDT 
sudo was rebased between 7.3 and 7.4 one of the changes was the following:

  2013-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>

        * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in,
        src/load_plugins.c, sudo.pp:
        Sudo now stores its libexec files in a "sudo" subdirectory instead
        of in libexec itself. For backwards compatibility, if the plugin is
        not found in the default plugin directory, sudo will check the
        parent directory default directory ends in "/sudo".
        [5de67de76489]

This moved the following files into a sub directory and the patch for selinux-policy was not updated to match:

ls -al /usr/libexec/sudo
total 524
drwxr-xr-x.  2 root root    156 Aug 11 16:05 .
drwxr-xr-x. 42 root root  12288 Aug 11 16:05 ..
-rw-r--r--.  1 root root  11104 Jun  7 06:38 group_file.so
lrwxrwxrwx.  1 root root     21 Aug 11 16:05 libsudo_util.so.0 -> libsudo_util.so.0.0.0
-rw-r--r--.  1 root root  82120 Jun  7 06:38 libsudo_util.so.0.0.0
-rwxr-xr-x.  1 root root  15376 Jun  7 06:38 sesh
-rw-r--r--.  1 root root 388104 Jun  7 06:38 sudoers.so
-rw-r--r--.  1 root root   6880 Jun  7 06:38 sudo_noexec.so
-rw-r--r--.  1 root root   6928 Jun  7 06:38 system_group.so


policy-rhel-7.4-base.patch

-/usr/libexec/sesh              --      gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/libexec/cockpit-agent      --  gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/bin/cockpit-bridge         -- gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/libexec/sesh                      --      gen_context(system_u:object_r:shell_exec_t,s0)


This should be changed to:

+/usr/libexec/sudo/sesh                      --      gen_context(system_u:object_r:shell_exec_t,s0)
Comment 2 Chris Cheney 2017-08-11 17:48:58 EDT 
Looks like this has happened before with a prior move from /usr/sbin bz#848693
Comment 3 Daniel Kopeček 2017-08-14 06:40 EDT 
Created attachment 1313041 [details]
rhel-7.3 -> rhel-7.4 files section changes
Comment 9 errata-xmlrpc 2018-04-10 08:38:21 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0763
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.