pool/permissions
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
255 Commits 1 Branch 0 Tags 1,023 KiB
fb9861a55a
Commit Graph

255 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Marcus Meissner
f9313caa62 OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=164 2017-09-06 09:43:42 +00:00
Marcus Meissner
c8a528761f OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=163 2017-09-06 09:43:17 +00:00
Marcus Meissner
88cf747ec1 OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=162 2017-09-06 09:42:16 +00:00
Marcus Meissner
0ca1d5fbf3 Accepting request 501680 from home:dimstar:Factory 
- BuildIgnore group(trusted): we don't really care for this group
  in the buildroot and do not want to get system-users into the
  bootstrap cycle as we can avoid it.

OBS-URL: https://build.opensuse.org/request/show/501680
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=159
 2017-06-07 11:15:04 +00:00
Marcus Meissner
310cebf5b3 binaries and it is no longer default. (bsc#1041159 for fuse, also cronie, etc) 
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=158
 2017-06-03 07:23:37 +00:00
Marcus Meissner
c7d23f34dd - Require: group(trusted), as we are handing it out to some unsuspecting 
binaries and it is no longer default.

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=157
 2017-06-03 07:22:19 +00:00
Marcus Meissner
f06adee271 - Update to version 20170602: 
* make /etc/ppp owned by root:root. The group dialout usage is no longer used

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=156
 2017-06-02 10:55:29 +00:00
Marcus Meissner
80e970fabb OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=155 2017-06-02 10:54:25 +00:00
Marcus Meissner
ba70df90ac OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=154 2017-06-02 10:53:34 +00:00
Marcus Meissner
eddb42f8dc OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=152 2016-08-07 12:03:52 +00:00
Marcus Meissner
f28a99e103 - Update to version 20160807: 
* suexec2 is a symlink, no need for permissions handling

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=151
 2016-08-07 12:03:42 +00:00
Marcus Meissner
96c844533d * root:shadow 0755 for newuidmap/newgidmap 
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=150
 2016-08-02 08:53:04 +00:00
Marcus Meissner
fb322ba460 - Update to version 20160802: 
* root:shadow 0755 for newuidmap/newgidmap

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=149
 2016-08-02 08:51:37 +00:00
Marcus Meissner
8edde370cc - Update to version 20160802: 
* list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=148
 2016-08-02 08:48:45 +00:00
Marcus Meissner
aaf8e68ad8 - adding qemu-bridge-helper mode 04750 (bsc#988279) 
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=147
 2016-08-02 08:29:53 +00:00
Marcus Meissner
3b16bfa06f OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=146 2016-08-02 08:29:24 +00:00
Marcus Meissner
6899251720 Accepting request 397400 from home:dimstar:branches:Base:System 
- Introduce _service to easier update the package. For simplicity,
  change the version from yyyy.mm.dd to yyyymmdd (which is eactly
  %cd in the _service defintion). Upgrading is no problem.

It's up to the maintainer if you prefer this method or whatever you
currently use...

the _service allows to do an update with those commands:
===
osc co Base:System permissions
cd Base:System/permissions
rm *xz
osc service dr
osc ar
osc ci -m 'Update done'
===

It will add use the commit messages from git to formulate the .changelog in the form:
+ Update to version YYYYMMDD:
  - Git commitlog 1
  - Git commitlog 1

Feel free to use or reject

OBS-URL: https://build.opensuse.org/request/show/397400
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=144
 2016-05-23 14:04:56 +00:00
Marcus Meissner
5b294da664 Accepting request 397396 from home:msmeissn:branches:Base:System 
- chage only needs read rights to /etc/shadow, so setgid shadow is sufficient (bsc#975352)

- permissions: adding gstreamer ptp file caps (bsc#960173)

OBS-URL: https://build.opensuse.org/request/show/397396
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=143
 2016-05-23 09:01:41 +00:00
Marcus Meissner
2026868fe9 Accepting request 353869 from home:msmeissn:branches:Base:System 
- the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060)

OBS-URL: https://build.opensuse.org/request/show/353869
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=141
 2016-01-15 14:42:31 +00:00
Marcus Meissner
b6e28807c2 Accepting request 353278 from home:msmeissn:branches:Base:System 
- pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363

- add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789
- added missing / to the squid specific directories (bsc#950557)

OBS-URL: https://build.opensuse.org/request/show/353278
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=140
 2016-01-12 16:30:34 +00:00
Marcus Meissner
7723b028aa Accepting request 334552 from home:msmeissn:branches:Base:System 
- adjusted radosgw to root:www mode 0750 (bsc#943471)

OBS-URL: https://build.opensuse.org/request/show/334552
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=138
 2015-09-28 14:36:36 +00:00
Marcus Meissner
e1788e4035 Accepting request 334443 from home:msmeissn:branches:Base:System 
- radosgw can get capability cap_bind_net_service (bsc#943471)

OBS-URL: https://build.opensuse.org/request/show/334443
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=137
 2015-09-28 13:36:03 +00:00
Marcus Meissner
caaf70201f Accepting request 311171 from home:msmeissn:branches:Base:System 
- remove /usr/bin/get_printing_ticket; (bnc#906336)

OBS-URL: https://build.opensuse.org/request/show/311171
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=135
 2015-06-08 16:26:06 +00:00
Marcus Meissner
987b4c1e61 Accepting request 263879 from home:msmeissn:branches:Base:System 
- Added iouyap capabilities (bnc#904060)

OBS-URL: https://build.opensuse.org/request/show/263879
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=133
 2014-12-04 07:34:28 +00:00
Marcus Meissner
55fdaea9a3 Accepting request 259902 from home:msmeissn:branches:Base:System 
- %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer needed (bnc#685093)
- permissions: incorporating squid changes from bnc#891268
- hint that chkstat --system --set needs to be run after editing bnc#895647

OBS-URL: https://build.opensuse.org/request/show/259902
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=131
 2014-11-05 17:23:09 +00:00
Marcus Meissner
2b1381f5ed Accepting request 246515 from home:msmeissn:branches:Base:System 
- Do not applies permissions from backup files (~ / .rpmsave / .rpmnew) (bnc#893370)
- do not mention SuSEconfig anymore, long dead (bnc#843083)

OBS-URL: https://build.opensuse.org/request/show/246515
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=129
 2014-08-26 13:05:22 +00:00
Marcus Meissner
1febc609ea Accepting request 243379 from home:msmeissn:branches:Base:System 
- append a / to /var/log/journal so the framework makes sure it is a directory bnc#888151

OBS-URL: https://build.opensuse.org/request/show/243379
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=127
 2014-08-01 11:42:04 +00:00
Marcus Meissner
dba36f4d8f Accepting request 242029 from home:msmeissn:branches:Base:System 
- make innbind mode 4550  (bnc#876287)
- permissions: Adding systemd-journal directory (bnc#888151)

OBS-URL: https://build.opensuse.org/request/show/242029
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=125
 2014-07-23 15:21:41 +00:00
Marcus Meissner
111602a6c6 Accepting request 241753 from home:msmeissn:branches:Base:System 
- permissions: Adding new kdesud path for KDE5 (bnc#872276)

OBS-URL: https://build.opensuse.org/request/show/241753
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=124
 2014-07-21 14:12:53 +00:00
Marcus Meissner
d1796cf746 Accepting request 239152 from home:msmeissn:branches:Base:System 
- vlock_main lost its permission checking, so remove from here.

OBS-URL: https://build.opensuse.org/request/show/239152
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=122
 2014-07-01 11:47:17 +00:00
Marcus Meissner
18b3eed942 Accepting request 237512 from home:msmeissn:branches:Base:System 
- opiesu,wodim,vlock-main have no setuid root. (bnc#882035)

OBS-URL: https://build.opensuse.org/request/show/237512
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=120
 2014-06-16 11:52:40 +00:00
Marcus Meissner
087979a9c5 Accepting request 236354 from home:msmeissn:branches:Base:System 
- tighten /etc/crontab to be always mode 600, even in easy (bnc#867799)

OBS-URL: https://build.opensuse.org/request/show/236354
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=119
 2014-06-05 08:16:53 +00:00
Marcus Meissner
d83696ead0 Accepting request 230216 from home:msmeissn:branches:Base:System 
- duplicate /var/run entries to /run (bnc#873708)

OBS-URL: https://build.opensuse.org/request/show/230216
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=117
 2014-04-15 14:41:18 +00:00
Marcus Meissner
9ff01a3be5 Accepting request 227299 from home:msmeissn:branches:Base:System 
- permissions: incorporating capability for mtr, removing +s from ping
  (bnc#865351)

OBS-URL: https://build.opensuse.org/request/show/227299
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=115
 2014-03-24 11:46:57 +00:00
Marcus Meissner
1f41a98c1b Accepting request 205002 from home:msmeissn:branches:Base:System 
- GIT repo moved to GITHUB.

OBS-URL: https://build.opensuse.org/request/show/205002
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=113
 2013-10-28 12:14:20 +00:00
Marcus Meissner
564e2045ec Accepting request 204986 from home:msmeissn:branches:Base:System 
- removed the setuid bit from "eject" (bnc#824406)

OBS-URL: https://build.opensuse.org/request/show/204986
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=112
 2013-10-28 10:49:53 +00:00
Marcus Meissner
2e919d23e6 Accepting request 195995 from home:msmeissn:branches:Base:System 
- do not use magic constants for strlen (bnc#834790

OBS-URL: https://build.opensuse.org/request/show/195995
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=110
 2013-08-22 12:29:38 +00:00
Marcus Meissner
88e93f4949 Accepting request 195810 from home:msmeissn:branches:Base:System 
- Chrome sandbox also allowed to be setuid root in secure mode now (bnc#718016)

- use PERMISSION_FSCAPS

- it is PERMISSIONS_FSCAPS (bnc#834790)
- qemu-bridge-helper has no special privileges currently (bnc#765948)

OBS-URL: https://build.opensuse.org/request/show/195810
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=108
 2013-08-21 13:06:40 +00:00
Marcus Meissner
f7167a7542 Accepting request 178641 from home:msmeissn:branches:Base:System 
- utempter helper binary moved in new version to /usr/lib/utempter/utempter (bnc#823302)

OBS-URL: https://build.opensuse.org/request/show/178641
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=106
 2013-06-12 12:36:35 +00:00
Marcus Meissner
13ae92871b Accepting request 178510 from home:msmeissn:branches:Base:System 
- cdrtools: allow some filesystem capabilities for more stable CD/DVD
  burning in "easy" mode. (bnc#550021) (cap_sys_nice, cap_sys_rawio,
  cap_sys_resource, cap_ipc_lock)

OBS-URL: https://build.opensuse.org/request/show/178510
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=105
 2013-06-11 09:35:05 +00:00
Marcus Meissner
e63c733ea5 Accepting request 174833 from home:msmeissn:branches:Base:System 
- leave out readcd,cdda2wav,cdrecord until it is ready for the distro (bnc#550021)

OBS-URL: https://build.opensuse.org/request/show/174833
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=103
 2013-05-08 14:33:37 +00:00
Marcus Meissner
d81cf5b7b7 Accepting request 174491 from home:msmeissn:branches:Base:System 
- cdrecord currently has no special permissions approved (bnc#550021)
- append a /

OBS-URL: https://build.opensuse.org/request/show/174491
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=101
 2013-05-04 14:49:12 +00:00
Dr. Werner Fink
3c85079215 Accepting request 150329 from home:msmeissn:branches:Base:System 
- Allow pcp to have stickybit worldwriteable directories

OBS-URL: https://build.opensuse.org/request/show/150329
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=99
 2013-01-30 13:37:31 +00:00
Marcus Meissner
a8e8840bc1 Accepting request 143274 from home:msmeissn:branches:Base:System 
- add /usr/bin/dumpcap to watchlist
- make fscaps=1 the default on ""
- added PERMISSION_FSCAPS to the sysconfig/security fillup template.
- /bin/ping(6) was moved to /usr/bin/ping(6) /bin/eject was moved to /usr/bin/eject

OBS-URL: https://build.opensuse.org/request/show/143274
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=97
 2012-11-30 13:21:16 +00:00
Ludwig Nussel
8449923ee4 - apply permissions settings in %post. During initial installation 
some packages might be installed before the permissions package
  due to dependency loops so we need to make sure their settings
  are applied too. Also, on update of the permissions package
  changed permission settings may need to be applied.

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=95
 2012-11-21 14:01:07 +00:00
Ludwig Nussel
2708dcae9f update changelog 
coreutils to util-linux needs to be reverted as soon as util-linux
  is also in

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=93
 2012-10-15 11:50:02 +00:00
Ludwig Nussel
b526458851 - temporarily add su.core 
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=92
 2012-10-15 11:49:16 +00:00
Cristian Rodríguez
3fc393435b Accepting request 135933 from home:msmeissn:branches:Base:System 
- no longer install SuSEconfig.permissions, SuSEconfig is gone.

OBS-URL: https://build.opensuse.org/request/show/135933
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=90
 2012-09-25 19:26:09 +00:00
Marcus Meissner
95c9a0c2fa Accepting request 127268 from home:msmeissn:branches:Base:System 
- enable ecryptfs-utils setuid root mount wrapper (bnc#740110) in .easy

OBS-URL: https://build.opensuse.org/request/show/127268
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=88
 2012-07-06 14:11:34 +00:00
Ludwig Nussel
417c0cbeb9 - remove /var/run/vi.recover (bnc#765288) 
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=87
 2012-06-04 11:37:35 +00:00