Summary: | sys-apps/portage: portage user only assumes portage group with FEATURES=userpriv | ||
---|---|---|---|
Product: | Portage Development | Reporter: | Sascha G. <s.geschwandtner> |
Component: | Core | Assignee: | Portage team <dev-portage> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kaiowas, rockoo |
Priority: | High | Keywords: | InVCS |
Version: | 2.1 | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 147007 | ||
Attachments: |
Example ebuild to show which groups the portage user is in at specific points.
call setgroups with all groups that the portage user belongs to |
Description
Sascha G.
2006-06-22 09:26:09 UTC
(In reply to comment #0) Sorry, I have been proofreading this three times, but it somehow slipped through. I just want to correct this, in case it might be unclear otherwise: This makes it, for example, impossible to use the TPE (Trusted Path Execution) extension in the hardened kernel cleanly, which relies on a special group to grant privileges to execute programs in certain directories. Created attachment 90642 [details]
Example ebuild to show which groups the portage user is in at specific points.
Confirmed with user portage in the tpe group - with inverted option (trusted group), './configure's fail. Created attachment 100050 [details, diff]
call setgroups with all groups that the portage user belongs to
This is fixed in svn r4760.
This has been released in 2.1.2_pre3-r6. *** Bug 98604 has been marked as a duplicate of this bug. *** |