- Update to version 1699_20240223:
* chkstat: replace ProcMountState enum by simple bool member
* chkstat: minor style, spelling and documentation fixes
* chkstat: drop types.h header
* chkstat: make ProcMountState a private type of ChkStat
* chkstat: EntryProcessor: rename some member variables for improved readability
* chkstat: get rid of EntryContext and incorporate it into EntryProcessor
* chkstat: split-off EntryProcessor from Chkstat main class
* chkstat: define _GNU_SOURCE via Makefile
* chkstat: processEntries(): make loop variables const
* chkstat: split up checkHaveProc()
* chkstat: ProfileParser: fix a bug when applying capabilities in custom root
* chkstat: ProfileParser: make adding the root to paths transparent
* chkstat: ProfileParser: refactor the now reduced codebase
* chkstat: split off separate ProfileParser
* chkstat: ProfileEntry: mark dropXID() const to support const ProfileEntry use
* chkstat: parseProfile(): improve badProfileLine() calls
* chkstat: drop deprecated capability check
* chkstat: also move expandProfilePaths() into new VariableExpansions class
* chkstat: split off variable expansion logic into separate class
* chkstat: loadVariableExpansions(): a bit of refactoring
* chkstat: parseSysconfig(): bit of refactoring
* chkstat: remove deprecated CHECK_PERMISSIONS logic
* chkstat: move assorted types into dedicated header
* chkstat: replace #include guards by #pragma once
* chkstat: split off command line arguments from Chkstat main class
* chkstat: drop SaneValueArg wrapper
* chkstat: document new packages.d directory
* chkstat: drop TODO regarding ProfileEntry being changed on-the-fly
* chkstat: harmonize FileCapabilities API
* chkstat: support /usr/share/permissions/package.d for per-package drop-ins
* chkstat: minor coding style fixes
* chkstat: improve readability for rstrip() to strip trailing slashes
* chkstat: remove trailing slashes from paths found on the command line
* chkstat: add warning messages for rare error situations
* chkstat: open profiles right away without racy `access()` check.
- Remove fix_version.sh, handle version with services
OBS-URL: https://build.opensuse.org/request/show/1152267
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=333
- Created new subpackages -config, -doc and standalone package chkstat
where we can start a better versioning scheme and require it from the
- Replace references to /var/adm/fillup-templates with new
- kcheckpass/kdesud moved to %_libdir/kde4/libexec
- Xorg moved from /usr/X11R6/bin to /usr/bin; fixes build of
- don't build as root
- added /opt/gnome/sbin/change-passwd
- fpexec decrease go rights to 11
- inn scripts: u-w (not needed)
- require /sbin/SuSEconfig
adapted manpage
- chkstat: don't try to chown if not root
for i in permissions permissions.easy permissions.secure
awk '/^(#|$)/ { print $0; next; }
{ if(NF > 3) {printf("error: %s\n",$0);exit};
- fix group for isdnctrl uucp --> dialout (#28997)
- /var/mtrack -> /var/lib/mtrack
- zapping_setup_fb moved to /opt/gnome/sbin
- added hppa to rpm subsystem in permissions files to be able to
finish autobuild
- two more nethack flavors with sgid games in easy
- added prereq (#17956)
- modifications: -s for pppd, world-writeable directories for
- created package as split off from aaa_base
OBS-URL: https://build.opensuse.org/request/show/1144612
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=330
- Update to version 20240206:
* Whitelisting libgtop_server2 (bsc#1218921)
* Removing bogus whitespaces
* chkstat: harmonize and transform to a more compact coding and doc style
* gitignore: also ignore hidden ctags
* build: Create /usr/share/permissions/permissions.d for packagers
* profiles: drop /usr/sbin/lockdev which is no longer packaged in Factory
* profiles: drop /etc/ftpusers which is no longer shipped in netcfg
OBS-URL: https://build.opensuse.org/request/show/1144540
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=329
* libksysguard5: Updated path for ksgrd_network_helper
* kdesu: Updated path for kdesud
* sbin_dirs cleanup: these binaries have already been moved to /usr/sbin
* mariadb: revert auth_pam_tool to /usr/lib{,64} again
* cleanup: revert virtualbox back to plain /usr/lib
* cleanup: remove deprecated /etc/ssh/sshd_config
* hawk_invoke is not part of newer hawk2 packages anymore
* cleanup: texlive-filesystem: public now resides in libexec
* cleanup: authbind: helper now resides in libexec
* cleanup: polkit: the agent now also resides in libexec
* libexec cleanup: 'inn' news binaries now reside in libexec
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=298
- Update to version 20201111:
* squid: remove basic_pam_auth which doesn't need special perms (bsc#1171569)
* mgetty: remove long dead (or never existing) locks directory (bsc#1171882)
* adjust squid pinger path (bsc#1171569)
* profiles: remove now superfluous squid pinger paths (bsc#1171569)
* ksgrd_network_helper: remove obviously wrong path
* etc/permissions: remove unnecessary, duplicate, outdated entries
* chkstat: implement support for variables in profile paths in new
variables.conf
* man pages: add documentation about variables, update copyrights
* profiles: use new variables feature to remove redundant entries
* profiles: prepare /usr/sbin versions of profile entries (bsc#1029961)
* Makefile: support CXXFLAGS and LDFLAGS override / extension via make/env variables (bsc#1178475)
* Makefile: compile with LFO support to fix 32-bit emulation on 64-bit hosts (bsc#1178476)
* README: added information about know limitations of this approach
- adjusted spec file:
- package new variables.conf
- apply %{optflags} correctly via CXXFLAGS variable
- drop FSCAPS_DEFAULT_ENABLED which isn't recognized anymore by the
refactored chkstat sources. This is now the default.
OBS-URL: https://build.opensuse.org/request/show/847754
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=289
* rework permissions.local text (boo#1173221)
* dbus-1: adjust to new libexec dir location (bsc#1171164)
* permission profiles: reinstate kdesud for kde5
* etc/permissions: remove entries for bind-chrootenv
* etc/permissions: remove traceroute entry
* VirtualBox: remove outdated entry which is only a symlink any more
* /bin/su: remove path refering to symlink
* etc/permissions: remove legacy RPM directory entries
* /etc/permissions: remove outdated sudo directories
* singularity: remove outdated setuid-binary entries
* chromium: remove now unneeded chrome_sandbox entry (bsc#1163588)
* dbus-1: remove deprecated alternative paths
* PolicyKit: remove outdated entries last used in SLE-11
* pcp: remove no longer needed / conflicting entries
* gnats: remove entries for package removed from Factory
* kdelibs4: remove entries for package removed from Factory
* v4l-base: remove entries for package removed from Factory
* mailman: remove entries for package deleted from Factory
* gnome-pty-helper: remove dead entry no longer part of the vte package
* gnokii: remove entries for package no longer in Factory
* xawtv (v4l-conf): correct group ownership in easy profile
* systemd-journal: remove unnecessary profile entries
* thttp: make makeweb entry usable in the secure profile (bsc#1171580)
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=268
