SHA256
1
0
forked from pool/permissions
Commit Graph

261 Commits

Author SHA256 Message Date
88add7774f - Update to version 20170922:
* Allow setuid root for singularity (group only) bsc#1028304

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=171
2017-09-22 14:01:01 +00:00
d1bec6bd05 OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=169 2017-09-13 16:54:14 +00:00
79244e6f3c - Update to version 20170913:
* Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=168
2017-09-13 16:53:54 +00:00
7155d612b4 OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=167 2017-09-06 09:50:43 +00:00
0bd1dfb4e3 * permissions - copy dbus-daemon-launch-helper from / to /usr - bsc#1056764
* permissions: Adding suid bit for VBoxNetNAT (bsc#1033425)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=166
2017-09-06 09:44:41 +00:00
f811efeca2 - Update to version 20170906:
*

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=165
2017-09-06 09:44:09 +00:00
f9313caa62 OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=164 2017-09-06 09:43:42 +00:00
c8a528761f OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=163 2017-09-06 09:43:17 +00:00
88cf747ec1 OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=162 2017-09-06 09:42:16 +00:00
0ca1d5fbf3 Accepting request 501680 from home:dimstar:Factory
- BuildIgnore group(trusted): we don't really care for this group
  in the buildroot and do not want to get system-users into the
  bootstrap cycle as we can avoid it.

OBS-URL: https://build.opensuse.org/request/show/501680
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=159
2017-06-07 11:15:04 +00:00
310cebf5b3 binaries and it is no longer default. (bsc#1041159 for fuse, also cronie, etc)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=158
2017-06-03 07:23:37 +00:00
c7d23f34dd - Require: group(trusted), as we are handing it out to some unsuspecting
binaries and it is no longer default.

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=157
2017-06-03 07:22:19 +00:00
f06adee271 - Update to version 20170602:
* make /etc/ppp owned by root:root. The group dialout usage is no longer used

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=156
2017-06-02 10:55:29 +00:00
80e970fabb OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=155 2017-06-02 10:54:25 +00:00
ba70df90ac OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=154 2017-06-02 10:53:34 +00:00
eddb42f8dc OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=152 2016-08-07 12:03:52 +00:00
f28a99e103 - Update to version 20160807:
* suexec2 is a symlink, no need for permissions handling

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=151
2016-08-07 12:03:42 +00:00
96c844533d * root:shadow 0755 for newuidmap/newgidmap
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=150
2016-08-02 08:53:04 +00:00
fb322ba460 - Update to version 20160802:
* root:shadow 0755 for newuidmap/newgidmap

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=149
2016-08-02 08:51:37 +00:00
8edde370cc - Update to version 20160802:
* list the newuidmap and newgidmap, currently 0755 until review is done (bsc#979282)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=148
2016-08-02 08:48:45 +00:00
aaf8e68ad8 - adding qemu-bridge-helper mode 04750 (bsc#988279)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=147
2016-08-02 08:29:53 +00:00
3b16bfa06f OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=146 2016-08-02 08:29:24 +00:00
6899251720 Accepting request 397400 from home:dimstar:branches:Base:System
- Introduce _service to easier update the package. For simplicity,
  change the version from yyyy.mm.dd to yyyymmdd (which is eactly
  %cd in the _service defintion). Upgrading is no problem.

It's up to the maintainer if you prefer this method or whatever you
currently use...

the _service allows to do an update with those commands:
===
osc co Base:System permissions
cd Base:System/permissions
rm *xz
osc service dr
osc ar
osc ci -m 'Update done'
===

It will add use the commit messages from git to formulate the .changelog in the form:
+ Update to version YYYYMMDD:
  - Git commitlog 1
  - Git commitlog 1

Feel free to use or reject

OBS-URL: https://build.opensuse.org/request/show/397400
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=144
2016-05-23 14:04:56 +00:00
5b294da664 Accepting request 397396 from home:msmeissn:branches:Base:System
- chage only needs read rights to /etc/shadow, so setgid shadow is sufficient (bsc#975352)

- permissions: adding gstreamer ptp file caps (bsc#960173)

OBS-URL: https://build.opensuse.org/request/show/397396
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=143
2016-05-23 09:01:41 +00:00
2026868fe9 Accepting request 353869 from home:msmeissn:branches:Base:System
- the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060)

OBS-URL: https://build.opensuse.org/request/show/353869
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=141
2016-01-15 14:42:31 +00:00
b6e28807c2 Accepting request 353278 from home:msmeissn:branches:Base:System
- pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363

- add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789
- added missing / to the squid specific directories (bsc#950557)

OBS-URL: https://build.opensuse.org/request/show/353278
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=140
2016-01-12 16:30:34 +00:00
7723b028aa Accepting request 334552 from home:msmeissn:branches:Base:System
- adjusted radosgw to root:www mode 0750 (bsc#943471)

OBS-URL: https://build.opensuse.org/request/show/334552
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=138
2015-09-28 14:36:36 +00:00
e1788e4035 Accepting request 334443 from home:msmeissn:branches:Base:System
- radosgw can get capability cap_bind_net_service (bsc#943471)

OBS-URL: https://build.opensuse.org/request/show/334443
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=137
2015-09-28 13:36:03 +00:00
caaf70201f Accepting request 311171 from home:msmeissn:branches:Base:System
- remove /usr/bin/get_printing_ticket; (bnc#906336)

OBS-URL: https://build.opensuse.org/request/show/311171
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=135
2015-06-08 16:26:06 +00:00
987b4c1e61 Accepting request 263879 from home:msmeissn:branches:Base:System
- Added iouyap capabilities (bnc#904060)

OBS-URL: https://build.opensuse.org/request/show/263879
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=133
2014-12-04 07:34:28 +00:00
55fdaea9a3 Accepting request 259902 from home:msmeissn:branches:Base:System
- %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer needed (bnc#685093)
- permissions: incorporating squid changes from bnc#891268
- hint that chkstat --system --set needs to be run after editing bnc#895647

OBS-URL: https://build.opensuse.org/request/show/259902
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=131
2014-11-05 17:23:09 +00:00
2b1381f5ed Accepting request 246515 from home:msmeissn:branches:Base:System
- Do not applies permissions from backup files (~ / .rpmsave / .rpmnew) (bnc#893370)
- do not mention SuSEconfig anymore, long dead (bnc#843083)

OBS-URL: https://build.opensuse.org/request/show/246515
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=129
2014-08-26 13:05:22 +00:00
1febc609ea Accepting request 243379 from home:msmeissn:branches:Base:System
- append a / to /var/log/journal so the framework makes sure it is a directory bnc#888151

OBS-URL: https://build.opensuse.org/request/show/243379
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=127
2014-08-01 11:42:04 +00:00
dba36f4d8f Accepting request 242029 from home:msmeissn:branches:Base:System
- make innbind mode 4550  (bnc#876287)
- permissions: Adding systemd-journal directory (bnc#888151)

OBS-URL: https://build.opensuse.org/request/show/242029
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=125
2014-07-23 15:21:41 +00:00
111602a6c6 Accepting request 241753 from home:msmeissn:branches:Base:System
- permissions: Adding new kdesud path for KDE5 (bnc#872276)

OBS-URL: https://build.opensuse.org/request/show/241753
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=124
2014-07-21 14:12:53 +00:00
d1796cf746 Accepting request 239152 from home:msmeissn:branches:Base:System
- vlock_main lost its permission checking, so remove from here.

OBS-URL: https://build.opensuse.org/request/show/239152
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=122
2014-07-01 11:47:17 +00:00
18b3eed942 Accepting request 237512 from home:msmeissn:branches:Base:System
- opiesu,wodim,vlock-main have no setuid root. (bnc#882035)

OBS-URL: https://build.opensuse.org/request/show/237512
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=120
2014-06-16 11:52:40 +00:00
087979a9c5 Accepting request 236354 from home:msmeissn:branches:Base:System
- tighten /etc/crontab to be always mode 600, even in easy (bnc#867799)

OBS-URL: https://build.opensuse.org/request/show/236354
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=119
2014-06-05 08:16:53 +00:00
d83696ead0 Accepting request 230216 from home:msmeissn:branches:Base:System
- duplicate /var/run entries to /run (bnc#873708)

OBS-URL: https://build.opensuse.org/request/show/230216
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=117
2014-04-15 14:41:18 +00:00
9ff01a3be5 Accepting request 227299 from home:msmeissn:branches:Base:System
- permissions: incorporating capability for mtr, removing +s from ping
  (bnc#865351)

OBS-URL: https://build.opensuse.org/request/show/227299
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=115
2014-03-24 11:46:57 +00:00
1f41a98c1b Accepting request 205002 from home:msmeissn:branches:Base:System
- GIT repo moved to GITHUB.

OBS-URL: https://build.opensuse.org/request/show/205002
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=113
2013-10-28 12:14:20 +00:00
564e2045ec Accepting request 204986 from home:msmeissn:branches:Base:System
- removed the setuid bit from "eject" (bnc#824406)

OBS-URL: https://build.opensuse.org/request/show/204986
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=112
2013-10-28 10:49:53 +00:00
2e919d23e6 Accepting request 195995 from home:msmeissn:branches:Base:System
- do not use magic constants for strlen (bnc#834790

OBS-URL: https://build.opensuse.org/request/show/195995
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=110
2013-08-22 12:29:38 +00:00
88e93f4949 Accepting request 195810 from home:msmeissn:branches:Base:System
- Chrome sandbox also allowed to be setuid root in secure mode now (bnc#718016)

- use PERMISSION_FSCAPS

- it is PERMISSIONS_FSCAPS (bnc#834790)
- qemu-bridge-helper has no special privileges currently (bnc#765948)

OBS-URL: https://build.opensuse.org/request/show/195810
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=108
2013-08-21 13:06:40 +00:00
f7167a7542 Accepting request 178641 from home:msmeissn:branches:Base:System
- utempter helper binary moved in new version to /usr/lib/utempter/utempter (bnc#823302)

OBS-URL: https://build.opensuse.org/request/show/178641
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=106
2013-06-12 12:36:35 +00:00
13ae92871b Accepting request 178510 from home:msmeissn:branches:Base:System
- cdrtools: allow some filesystem capabilities for more stable CD/DVD
  burning in "easy" mode. (bnc#550021) (cap_sys_nice, cap_sys_rawio,
  cap_sys_resource, cap_ipc_lock)

OBS-URL: https://build.opensuse.org/request/show/178510
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=105
2013-06-11 09:35:05 +00:00
e63c733ea5 Accepting request 174833 from home:msmeissn:branches:Base:System
- leave out readcd,cdda2wav,cdrecord until it is ready for the distro (bnc#550021)

OBS-URL: https://build.opensuse.org/request/show/174833
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=103
2013-05-08 14:33:37 +00:00
d81cf5b7b7 Accepting request 174491 from home:msmeissn:branches:Base:System
- cdrecord currently has no special permissions approved (bnc#550021)
- append a /

OBS-URL: https://build.opensuse.org/request/show/174491
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=101
2013-05-04 14:49:12 +00:00
Dr. Werner Fink
3c85079215 Accepting request 150329 from home:msmeissn:branches:Base:System
- Allow pcp to have stickybit worldwriteable directories

OBS-URL: https://build.opensuse.org/request/show/150329
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=99
2013-01-30 13:37:31 +00:00
a8e8840bc1 Accepting request 143274 from home:msmeissn:branches:Base:System
- add /usr/bin/dumpcap to watchlist
- make fscaps=1 the default on ""
- added PERMISSION_FSCAPS to the sysconfig/security fillup template.
- /bin/ping(6) was moved to /usr/bin/ping(6) /bin/eject was moved to /usr/bin/eject

OBS-URL: https://build.opensuse.org/request/show/143274
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=97
2012-11-30 13:21:16 +00:00