Project

General

Profile

Actions

action #108040

closed

[security][sle][s390x] user console access 'ttysclp0' permission is correct

Added by Xiaojing_liu about 2 years ago. Updated about 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Enhancement to existing tests
Target version:
-
Start date:
2022-03-09
Due date:
% Done:

100%

Estimated time:
3.00 h
Difficulty:

Description

This bug https://bugzilla.suse.com/show_bug.cgi?id=1195620 has been fixed since build 108.1,
so we don't need to do the workaround.

##Suggestion
Could remove the workaround code


Related issues 1 (0 open1 closed)

Related to openQA Tests - action #106020: [security][sle][s390x] user console access 'ttysclp0' permission deniedResolvedrfan12022-02-07

Actions
Actions #1

Updated by Xiaojing_liu about 2 years ago

  • Category set to Enhancement to existing tests
Actions #2

Updated by Xiaojing_liu about 2 years ago

  • Related to action #106020: [security][sle][s390x] user console access 'ttysclp0' permission denied added
Actions #3

Updated by rfan1 about 2 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 10
  • Estimated time set to 3.00 h

Thanks Xiaojing,

commit e1f1414bcf672be16809cc3deb01789575b8772c (origin/s390x_ttysclp0, s390x_ttysclp0)
Author: rfan1 richard.fan@suse.com
Date: Mon Feb 7 03:40:12 2022 -0500

Make sure non-root user can access serialdev
diff --git a/lib/utils.pm b/lib/utils.pm
index b185e8e1d..05ac37b00 100644
--- a/lib/utils.pm
+++ b/lib/utils.pm
@@ -1259,7 +1259,8 @@ sub ensure_serialdev_permissions {
     else {
         # when serial getty is started, it changes the group of serialdev from dialout to tty (but doesn't change it back when stopped)
         # let's make sure that both will work
-        assert_script_run "chown $testapi::username /dev/$testapi::serialdev && usermod -a -G tty,dialout,\$(stat -c %G /dev/$testapi::serialdev) $testapi::username";
+        # based on bsc#1195620, let's restore file permission to '620'
+        assert_script_run "chmod 620 /dev/$testapi::serialdev && chown $testapi::username /dev/$testapi::serialdev && usermod -a -G tty,dialout,\$(stat -c %G /dev/$testapi::serialdev) $testapi::username";
     }
 }

I can revert this change.

Let me do some test with my own branch at first

Actions #4

Updated by rfan1 about 2 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 10 to 100
Actions

Also available in: Atom PDF