pool/salt
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
239 Commits 2 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Dominique Leuenberger 70cc3b4d6e Accepting request 966247 from systemsmanagement:saltstack 
- Fix salt-ssh opts poisoning (bsc#1197637)
- Added:
  * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch

- Fix multiple security issues (bsc#1197417)
- * Sign authentication replies to prevent MiTM (CVE-2022-22935)
- * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
- * Prevent job and fileserver replays (CVE-2022-22936)
- * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
- Added:
  * fix-multiple-security-issues-bsc-1197417.patch

OBS-URL: https://build.opensuse.org/request/show/966247
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/salt?expand=0&rev=127
2022-04-04 17:26:11 +00:00
_lastrevision
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:437
2022-03-31 14:45:34 +00:00
_service
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
.gitattributes
Accepting request 175205 from devel:languages:python
2013-05-16 09:38:22 +00:00
.gitignore
Accepting request 175205 from devel:languages:python
2013-05-16 09:38:22 +00:00
3003.3-do-not-consider-skipped-targets-as-failed-for.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
3003.3-postgresql-json-support-in-pillar-423.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
activate-all-beacons-sources-config-pillar-grains.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
add-custom-suse-capabilities-as-grains.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
add-environment-variable-to-know-if-yum-is-invoked-f.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
add-migrated-state-and-gpg-key-management-functions-.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
add-missing-ansible-module-functions-to-whitelist-in.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:432
2022-02-08 14:02:38 +00:00
add-publish_batch-to-clearfuncs-exposed-methods.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
add-rpm_vercmp-python-library-for-version-comparison.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:435
2022-02-28 15:31:11 +00:00
add-sleep-on-exception-handling-on-minion-connection.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:384
2021-03-01 13:55:56 +00:00
add-standalone-configuration-file-for-enabling-packa.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
adds-explicit-type-cast-for-port.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
allow-vendor-change-option-with-zypper.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
async-batch-implementation.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
batch.py-avoid-exception-when-minion-does-not-respon.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
bsc-1176024-fix-file-directory-user-and-group-owners.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
check-if-dpkgnotify-is-executable-bsc-1186674-376.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:418
2021-09-16 07:59:31 +00:00
debian-info_installed-compatibility-50453.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:427
2021-11-16 11:00:40 +00:00
do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
don-t-use-shell-sbin-nologin-in-requisites.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:418
2021-09-16 07:59:31 +00:00
drop-serial-from-event.unpack-in-cli.batch_async.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:430
2022-02-01 09:50:25 +00:00
early-feature-support-config.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
enhance-logging-when-inotify-beacon-is-missing-pyino.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:418
2021-09-16 07:59:31 +00:00
enhance-openscap-module-add-xccdf_eval-call-386.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
fix-bsc-1065792.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
fix-crash-when-calling-manage.not_alive-runners.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:423
2021-10-13 15:24:29 +00:00
fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
fix-for-suse-expanded-support-detection.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
fix-inspector-module-export-function-bsc-1097531-481.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:430
2022-02-01 09:50:25 +00:00
fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:427
2021-11-16 11:00:40 +00:00
fix-issue-2068-test.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
fix-issues-with-salt-ssh-s-extra-filerefs.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
fix-missing-minion-returns-in-batch-mode-360.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:418
2021-09-16 07:59:31 +00:00
fix-multiple-security-issues-bsc-1197417.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:436
2022-03-31 08:43:42 +00:00
fix-salt-call-event.send-call-with-grains-and-pillar.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:432
2022-02-08 14:02:38 +00:00
fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:437
2022-03-31 14:45:34 +00:00
fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:377
2021-01-12 12:57:50 +00:00
fix-the-regression-for-yumnotify-plugin-456.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:427
2021-11-16 11:00:40 +00:00
fix-traceback.print_exc-calls-for-test_pip_state-432.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
fixes-56144-to-enable-hotadd-profile-support.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
force-zyppnotify-to-prefer-packages.db-than-packages.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:377
2021-01-12 12:57:50 +00:00
html.tar.bz2
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:432
2022-02-08 14:02:38 +00:00
implementation-of-held-unheld-functions-for-state-pk.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
implementation-of-suse_ip-execution-module-bsc-10999.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
improvements-on-ansiblegate-module-354.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
include-aliases-in-the-fqdns-grains.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
info_installed-works-without-status-attr-now.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
make-aptpkg.list_repos-compatible-on-enabled-disable.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
make-setup.py-script-to-not-require-setuptools-9.1.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
notify-beacon-for-debian-ubuntu-systems-347.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:393
2021-04-13 15:36:55 +00:00
prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
prevent-shell-injection-via-pre_flight_script_args-4.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:435
2022-02-28 15:31:11 +00:00
read-repo-info-without-using-interpolation-bsc-11356.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
README.SUSE
Accepting request 339485 from devel:languages:python
2015-10-19 20:52:40 +00:00
refactor-and-improvements-for-transactional-updates-.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
restore-default-behaviour-of-pkg-list-return.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
return-the-expected-powerpc-os-arch-bsc-1117995.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
run-salt-api-as-user-salt-bsc-1064520.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
run-salt-master-as-dedicated-salt-user.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
salt-tmpfiles.d
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:418
2021-09-16 07:59:31 +00:00
salt.changes
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:437
2022-03-31 14:45:34 +00:00
salt.spec
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:437
2022-03-31 14:45:34 +00:00
state.apply-don-t-check-for-cached-pillar-errors.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
state.orchestrate_single-does-not-pass-pillar-none-4.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:435
2022-02-28 15:31:11 +00:00
support-transactional-systems-microos.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
switch-firewalld-state-to-use-change_interface.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
temporary-fix-extend-the-whitelist-of-allowed-comman.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:419
2021-09-27 10:08:32 +00:00
transactional_update.conf
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:418
2021-09-16 07:59:31 +00:00
travis.yml
Accepting request 438684 from systemsmanagement:saltstack:testing
2016-11-06 11:48:16 +00:00
update-documentation.sh
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
update-target-fix-for-salt-ssh-to-process-targets-li.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
use-adler32-algorithm-to-compute-string-checksums.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
v3004.tar.gz
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:430
2022-02-01 09:50:25 +00:00
x509-fixes-111.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00
zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:428
2022-01-27 15:38:33 +00:00

README.SUSE 

Salt-master as non-root user
============================

With this version of salt the salt-master will run as salt user.

Why an extra user
=================

While the current setup runs the master as root user, this is considered a security issue
and not in line with the other configuration management tools (eg. puppet) which runs as a
dedicated user. 

How can I undo the change
=========================

If you would like to make the change before you can do the following steps manually:
1. change the user parameter in the master configuration
   user: root
2. update the file permissions:
   as root: chown -R root /etc/salt /var/cache/salt /var/log/salt /var/run/salt
3. restart the salt-master daemon:
   as root: rcsalt-master restart or systemctl restart salt-master

NOTE
====

Running the salt-master daemon as a root user is considers by some a security risk, but
running as root, enables the pam external auth system, as this system needs root access to check authentication.

For more information:
http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html
Description
No description provided
Readme 40 MiB
Languages
Shell 91.3%
Makefile 8.7%