From 37d28b541ea7a67bd1fd975e1c537036122adc299376cae86cc2a61b00709a76 Mon Sep 17 00:00:00 2001
From: Alberto Planas Dominguez
Date: Fri, 15 Jul 2022 13:34:46 +0000
Subject: [PATCH] Accepting request 989450 from home:aplanas:branches:security

- Update to version 0.1.0+git.1657303637.5b9072a:
  * keys_handler: Use scopes to drop mutexes before await
  * Enable usage of Rust IMA emulator in E2E tests.
  * ima_emulator: Support PCR hash algorithms other than SHA-1
  * ima_entry: add IMA entry parser ported from Python Keylime
  * algorithms: Add conversion between our hash algorithms and OpenSSL's
  * Remove unused functions revocation_ip_get and revocation_port_get. Change String to &str.
  * Adjust function usage comments to account for new parameters.
  * Load config file less at startup in src/common.rs
  * GNUmakefile: Make target dependencies explicit
  * permissions: Set supplementary groups when dropping privileges
  * main: Use more descriptive message for missing files error
  * Show path when fail to load the certificate
  * tpm: Add serialization functions for structures in quotes
- Requires tpm2.0-abrmd dependency, as the kernel resource manager could be not enough
- Downgrade /var/run/keylime permissions
- Set "run_as" parameter to "keylime:tss"
- Create the keylime user via systemd
- Fix keylime service home directory
- Add 0001-main-die-when-cannot-drop-privileges.patch to avoid the execution as root when the run_as user is missing in the system

OBS-URL: https://build.opensuse.org/request/show/989450
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=21
---
 rust-keylime.changes | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rust-keylime.changes b/rust-keylime.changes
index 8978fa2..a2681e6 100644
--- a/rust-keylime.changes
+++ b/rust-keylime.changes
@@ -21,6 +21,8 @@ Tue Jul 12 09:20:39 UTC 2022 - aplanas@suse.com - Set "run_as" parameter to "keylime:tss" - Create the keylime user via systemd - Fix keylime service home directory +- Add 0001-main-die-when-cannot-drop-privileges.patch to avoid the + execution as root when the run_as user is missing in the system ------------------------------------------------------------------- Wed Jun 22 08:45:20 UTC 2022 - Alberto Planas Dominguez
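Review bot: The two added lines at the end of the Jul 12 entry record 0001-main-die-when-cannot-drop-privileges.patch, but the diffstat shows only rust-keylime.changes changed (1 file, 2 insertions), so neither the patch file nor a spec file change that applies it is part of this commit. Because the entry describes a fix for the agent continuing to run as root when the run_as user is missing, confirm that the patch is present and applied in this revision, or include both here so the changelog matches what is built. The line is also appended under the existing "Tue Jul 12 09:20:39 UTC 2022" header while the commit is dated 15 Jul 2022; a separate dated entry would make it clearer when the fix landed.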