mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-01 20:05:46 +00:00
spec: Restrict virt-login-shell usage
https://bugzilla.redhat.com/show_bug.cgi?id=1033614 As virt-login-shell is an SUID binary, we should restrict its usage to just the users chosen by an administrator to use virt-login-shell as their login shell. This can easily be done by making the binary executable only by users from a new virtlogin group.
This commit is contained in:
parent
cc38d68dc1
commit
0ee2364319
@ -1727,6 +1727,12 @@ if getent group sanlock > /dev/null ; then
|
|||||||
fi
|
fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if %{with_lxc}
|
||||||
|
%pre login-shell
|
||||||
|
getent group virtlogin >/dev/null || groupadd -r virtlogin
|
||||||
|
exit 0
|
||||||
|
%endif
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%defattr(-, root, root)
|
%defattr(-, root, root)
|
||||||
|
|
||||||
@ -2072,7 +2078,7 @@ fi
|
|||||||
|
|
||||||
%if %{with_lxc}
|
%if %{with_lxc}
|
||||||
%files login-shell
|
%files login-shell
|
||||||
%attr(4755, root, root) %{_bindir}/virt-login-shell
|
%attr(4750, root, virtlogin) %{_bindir}/virt-login-shell
|
||||||
%config(noreplace) %{_sysconfdir}/libvirt/virt-login-shell.conf
|
%config(noreplace) %{_sysconfdir}/libvirt/virt-login-shell.conf
|
||||||
%{_mandir}/man1/virt-login-shell.1*
|
%{_mandir}/man1/virt-login-shell.1*
|
||||||
%endif
|
%endif
|
||||||
|
Loading…
Reference in New Issue
Block a user