| Summary: | app-admin/logrotate executable installs into /usr/bin instead of /usr/sbin | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | rjgleits |
| Component: | Hardened | Assignee: | Chema Alonso Josa (RETIRED) <nimiux> |
| Status: | RESOLVED OBSOLETE | ||
| Severity: | normal | CC: | hanno, hardened, jstein |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | AMD64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: | emerge --info logrotate | ||
Thanks for the report, one year ago logrotate binary was move from /usr/sbin to /usr/bin for a normal user to use it: https://bugs.gentoo.org/show_bug.cgi?id=588156 @hanno: any situation in which a normal user should run logrotate? No response in a long time. Closing... |
Created attachment 472874 [details] emerge --info logrotate I notice that the logrotate executable is installed into /usr/bin. The standard selinux policy (i.e., reference policy that is also used in gentoo) expects it to be installed in /usr/sbin. If logrotate isn't there, it doesn't get assigned access rights it needs and as a result doesn't work if you are in enforcing mode. According to the FHS, I would say that every user does not need to use logrotate, it is used by the system and admins, and therefore should be in /usr/sbin. Can I humbly request that the ebuild be changed so that logrotate installs into /usr/sbin? Or whatever it is that determines where it is installed. Best Wishes, Bob Gleitsmann