File permissions-singularity-setuidroot.patch of Package permissions.13185
commit dea0b1c1274ea0d8cee5e451c75a23f0c9c4589b
Author: Andreas Stieger <astieger@suse.com>
Date: Fri Sep 22 14:55:15 2017 +0200
Allow setuid root for singularity (group only) bsc#1028304
diff --git a/permissions.easy b/permissions.easy
index be46b75..0e5198e 100644
--- a/permissions.easy
+++ b/permissions.easy
@@ -336,6 +336,14 @@
# wireshark (not yet)
/usr/bin/dumpcap root:root 0755
+# singularity (bsc#1028304)
+/usr/lib/singularity/bin/expand-suid root:singularity 4750
+/usr/lib/singularity/bin/mount-suid root:singularity 4750
+/usr/lib/singularity/bin/create-suid root:singularity 4750
+/usr/lib/singularity/bin/action-suid root:singularity 4750
+/usr/lib/singularity/bin/export-suid root:singularity 4750
+/usr/lib/singularity/bin/import-suid root:singularity 4750
+
#
# XXX: / -> /usr merge and sbin -> bin merge
# XXX: duplicated entries need to be cleaned up before 12.2
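Review bot: The comment on the new block, `# singularity (bsc#1028304)`, does not say that the six entries under it are setuid root or that the `singularity` group is the only thing gating them. With mode 4750 and owner root:singularity, any member of that group can run these helpers with root's effective uid, so group membership should be treated as a privileged grant. I would say so in the comment, for example `# singularity: setuid root helpers, executable by group singularity only; treat group membership as privileged (bsc#1028304)`. The same comment line is added in the permissions.secure hunk and would take the same wording.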
@@ -384,7 +392,6 @@
/usr/lib/gstreamer-1.0/gst-ptp-helper root:root 0755
+capabilities cap_net_bind_service=ep
-
#
# suexec is only secure if the document root doesn't contain files
# writeable by wwwrun. Make sure you have a safe server setup
diff --git a/permissions.paranoid b/permissions.paranoid
index f2b5793..2ec2036 100644
--- a/permissions.paranoid
+++ b/permissions.paranoid
@@ -347,6 +347,14 @@
# wireshark (not yet)
/usr/bin/dumpcap root:root 0755
+# singularity (bsc#1028304)
+/usr/lib/singularity/bin/expand-suid root:singularity 0750
+/usr/lib/singularity/bin/mount-suid root:singularity 0750
+/usr/lib/singularity/bin/create-suid root:singularity 0750
+/usr/lib/singularity/bin/action-suid root:singularity 0750
+/usr/lib/singularity/bin/export-suid root:singularity 0750
+/usr/lib/singularity/bin/import-suid root:singularity 0750
+
#
# XXX: / -> /usr merge and sbin -> bin merge
# XXX: duplicated entries need to be cleaned up before 12.2
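Review bot: The paranoid entries use 0750, which leaves the setuid bit off, but nothing in the block says so or states the consequence. Presumably the `*-suid` helpers cannot do their privileged work without the bit, so singularity would not be usable by non-root users under this profile; that should be confirmed and written down. A second comment line such as `# no setuid bit in paranoid: the suid helpers run without root privileges here` would save an administrator from having to compare the three files to find out why it fails.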
diff --git a/permissions.secure b/permissions.secure
index cee94e2..8f4c1cb 100644
--- a/permissions.secure
+++ b/permissions.secure
@@ -375,6 +375,14 @@
# wireshark (not yet)
/usr/bin/dumpcap root:root 0755
+# singularity (bsc#1028304)
+/usr/lib/singularity/bin/expand-suid root:singularity 4750
+/usr/lib/singularity/bin/mount-suid root:singularity 4750
+/usr/lib/singularity/bin/create-suid root:singularity 4750
+/usr/lib/singularity/bin/action-suid root:singularity 4750
+/usr/lib/singularity/bin/export-suid root:singularity 4750
+/usr/lib/singularity/bin/import-suid root:singularity 4750
+
#
# XXX: / -> /usr merge and sbin -> bin merge
# XXX: duplicated entries need to be cleaned up before 12.2
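Review bot: The six entries added here are identical to the ones added to permissions.easy (4750, root:singularity), so the secure profile is no tighter than easy for singularity. If that is intentional because the group restriction is the only control available, a comment line saying so would help, for example `# same as easy: access is limited by membership of group singularity only`. It may also be worth checking whether every one of the six helpers needs the setuid bit under this profile; the patch does not show which of them are required for normal use.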