From 08c7ceb5dff3db5ba28de8370bae23f4bf6ec444 Mon Sep 17 00:00:00 2001 From: Jamie Nguyen Date: Fri, 13 Nov 2015 14:17:02 +0000 Subject: Permit filesystem group to be root --- changes/bug17562-allow-root-group-read | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 changes/bug17562-allow-root-group-read (limited to 'changes') diff --git a/changes/bug17562-allow-root-group-read b/changes/bug17562-allow-root-group-read new file mode 100644 index 0000000000..7a0903c662 --- /dev/null +++ b/changes/bug17562-allow-root-group-read @@ -0,0 +1,6 @@ + o Minor bug fixes: + - If any directory created by Tor is marked as group readable, the + filesystem group is allowed to be either the default GID or the root + user. Allowing root to read the DataDirectory prevents the need for + CAP_READ_SEARCH when using systemd's CapabilityBoundingSet, or + dac_read_search when using SELinux. -- cgit v1.2.3-54-g00ecf
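Review bot: The capability named in the fifth line of the new changes entry, CAP_READ_SEARCH, does not exist on Linux; the capability is CAP_DAC_READ_SEARCH, which matches the SELinux dac_read_search permission named on the next line. Please correct it so operators writing a systemd CapabilityBoundingSet can find the right name. In the same entry, "either the default GID or the root user" mixes a group with a user: the subject line and the sentence are about the filesystem group, so "the root group (GID 0)" would be more accurate. The entry also carries the bug number only in its file name; adding a "Fixes bug 17562" sentence to the text would keep the reference once the entry is merged into the changelog.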