[Arm-dev] Wrong permissions on /etc/sysconfig/network-scripts

Fri May 20 11:30:54 UTC 2016
Fabian Arrotin <arrfab at centos.org>

On 20/05/16 13:07, (GalaxyMaster) wrote:
> Hello,
> 
> On Fri, May 20, 2016 at 8:35 PM, (GalaxyMaster)
> <gm.outside+arm-dev at gmail.com> wrote:
>>
>> I've just downloaded the image, put it onto the card and booted up my
>> Pi3 from it.  The following I noticed right away:
> 
> Looked a bit further and it looks like whoever set the system up was
> not careful enough with the ownership of directories/files:
> ===
> [root@centos-rpi3 /]# find / -xdev \( -nouser -o -nogroup \) -ls
>  19531    4 drwxr-xr-x   2 1000     1000         4096 Nov 27 16:23 /etc/rbf
>  19538    4 -rw-r--r--   1 1000     1000           92 Mar 15 16:20 /etc/rbf/board.xml
>    448    4 drwxr-xr-x   6 1000     1000         4096 May 20 10:51 /etc/sysconfig
>    348    4 -rw-rw-r--   1 1000     1000          198 Mar 15 16:20 /etc/fstab
>    349    4 -rw-rw-r--   1 1000     1000           11 Mar 15 16:20 /etc/hostname
> [root@centos-rpi3 /]#
> ===
> 
> These all should be owned by root:root and permissions for directories
> should be 0755 while files should be 0644.  It would be really great
> if the image could do it right.
> 
> Is there a defined way to contribute to the build system and the
> process of releasing the image, by the way?
> 
> --
> (GM)

Thanks for your report. I had a quick look and it's due to the tool used
to generate the RootFS. I'll try to modify it in the post-scripts that
are launched after the RootFS creation to modify those back to default
owner:group.
You can find the original version here: https://github.com/mndar/rbf
while I was using the forked version here: https://github.com/arrfab/rbf

WRT SELinux, you've probably seen that there isn't even an upstream
kernel from rpi supporting SELinux. With some effort, we were able to
add the required config (and so the kernel that we build/ship supports
SELinux) but then it conflicts with the default el7 policy (the way that
specific kernel is allocating memory).
That's the reason why the current rpi3 has SELinux in permissive mode.


-- 
Fabian Arrotin
The CentOS Project | http://www.centos.org
gpg key: 56BEC54E | twitter: @arrfab
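
An added example, not part of the original thread or of the rbf tool: a check that could run in a post-script against the unpacked RootFS before the image is written. `find -nouser`/`-nogroup` resolve IDs against the accounts of the system running the command, so on a build host where UID 1000 exists they report nothing; this version resolves IDs against the tree's own `etc/passwd` and `etc/group`. The function name `audit_rootfs` is hypothetical, and GNU find (`-printf`) and paths without embedded newlines are assumed.

```shell
#!/bin/sh
# Added example. audit_rootfs is a hypothetical name; GNU find is assumed.
#
# audit_rootfs ROOT
# Prints one line per finding: "<kind> <uid>:<gid> <mode> <path>"
#   owner = UID or GID not defined inside the RootFS
#   mode  = regular file that is group- or other-writable
# Returns 0 if clean, 1 if anything was reported, 2 if account files are missing.
audit_rootfs() {
    root=$1
    if [ ! -r "$root/etc/passwd" ] || [ ! -r "$root/etc/group" ]; then
        echo "audit_rootfs: no etc/passwd or etc/group under $root" >&2
        return 2
    fi
    # Numeric IDs the image itself knows about (third field of each file).
    uids=$(cut -d: -f3 "$root/etc/passwd" | tr '\n' ' ')
    gids=$(cut -d: -f3 "$root/etc/group" | tr '\n' ' ')
    # -xdev as in the command from the report; symlinks are skipped because
    # their mode is always 777.
    report=$(
        find "$root" -xdev ! -type l -printf '%U %G %m %y %p\n' |
        awk -v uids="$uids" -v gids="$gids" '
            BEGIN {
                n = split(uids, a, " "); for (i = 1; i <= n; i++) U[a[i]] = 1
                n = split(gids, a, " "); for (i = 1; i <= n; i++) G[a[i]] = 1
            }
            {
                path = $0; sub(/^[^ ]+ [^ ]+ [^ ]+ [^ ]+ /, "", path)
                if (!($1 in U) || !($2 in G)) print "owner", $1 ":" $2, $3, path
                # last two octal digits of the mode: group and other permission sets
                g = substr($3, length($3) - 1, 1); o = substr($3, length($3), 1)
                if ($4 == "f" && (int(g / 2) % 2 || int(o / 2) % 2))
                    print "mode", $1 ":" $2, $3, path
            }'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Run against the listing in the report, every path shown there would appear as an `owner` finding if UID/GID 1000 is not defined in the image, and `/etc/fstab` and `/etc/hostname` (mode 664) would also appear as `mode` findings.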
