rpm/salt
SHA256
1
0
Fork 0
forked from pool/salt
Code Pull Requests Activity
198 Commits 2 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Victor Zhestkov ae633bde18 Accepting request 1143453 from home:PSuarezHernandez:branches:systemsmanagement:saltstack 
- Prevent directory traversal when creating syndic cache directory
  on the master (CVE-2024-22231, bsc#1219430)
- Prevent directory traversal attacks in the master's serve_file
  method (CVE-2024-22232, bsc#1219431)
- Added:
  * fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch

OBS-URL: https://build.opensuse.org/request/show/1143453
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=229
2024-02-01 17:10:28 +00:00
_lastrevision
Accepting request 1143453 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2024-02-01 17:10:28 +00:00
_service
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
.gitattributes
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
.gitignore
Accepting request 175205 from devel:languages:python
2013-05-16 09:38:22 +00:00
3005.1-implement-zypper-removeptf-573.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
3006.0-prevent-_pygit2.giterror-error-loading-known_.patch
Accepting request 1103185 from home:agraul:branches:systemsmanagement:saltstack
2023-08-10 11:32:54 +00:00
activate-all-beacons-sources-config-pillar-grains.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
add-custom-suse-capabilities-as-grains.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
add-environment-variable-to-know-if-yum-is-invoked-f.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
add-migrated-state-and-gpg-key-management-functions-.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
add-publish_batch-to-clearfuncs-exposed-methods.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
add-sleep-on-exception-handling-on-minion-connection.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
add-standalone-configuration-file-for-enabling-packa.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
add-support-for-gpgautoimport-539.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
allow-all-primitive-grain-types-for-autosign_grains-.patch
Accepting request 1118342 from home:mczernek:branches:systemsmanagement:saltstack
2023-10-18 08:58:47 +00:00
allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch
Accepting request 1141015 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2024-01-26 09:29:32 +00:00
allow-vendor-change-option-with-zypper.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
async-batch-implementation.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
avoid-conflicts-with-dependencies-versions-bsc-12116.patch
Accepting request 1103185 from home:agraul:branches:systemsmanagement:saltstack
2023-08-10 11:32:54 +00:00
avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
bsc-1176024-fix-file-directory-user-and-group-owners.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
change-the-delimeters-to-prevent-possible-tracebacks.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
control-the-collection-of-lvm-grains-via-config.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
debian-info_installed-compatibility-50453.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
define-__virtualname__-for-transactional_update-modu.patch
Accepting request 1103185 from home:agraul:branches:systemsmanagement:saltstack
2023-08-10 11:32:54 +00:00
dereference-symlinks-to-set-proper-__cli-opt-bsc-121.patch
Accepting request 1125700 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2023-11-13 16:40:59 +00:00
dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch
Accepting request 1105250 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2023-08-22 12:20:45 +00:00
do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
don-t-use-shell-sbin-nologin-in-requisites.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
drop-serial-from-event.unpack-in-cli.batch_async.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
early-feature-support-config.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
enable-keepalive-probes-for-salt-ssh-executions-bsc-.patch
Accepting request 1130201 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2023-12-01 12:24:54 +00:00
enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
enhance-openscap-module-add-xccdf_eval-call-386.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fix-bsc-1065792.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fix-calculation-of-sls-context-vars-when-trailing-do.patch
Accepting request 1114789 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2023-10-02 10:12:49 +00:00
fix-cve-2023-34049-bsc-1215157.patch
Accepting request 1121422 from home:agraul:branches:systemsmanagement:saltstack
2023-10-31 12:11:47 +00:00
fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch
Accepting request 1143453 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2024-02-01 17:10:28 +00:00
fix-for-suse-expanded-support-detection.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fix-gitfs-__env__-and-improve-cache-cleaning-bsc-119.patch
Accepting request 1125700 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2023-11-13 16:40:59 +00:00
fix-issue-2068-test.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fix-missing-minion-returns-in-batch-mode-360.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fix-optimization_order-opt-to-prevent-test-fails.patch
Accepting request 1114819 from home:vizhestkov:branches:systemsmanagement:saltstack
2023-10-02 14:14:56 +00:00
fix-ownership-of-salt-thin-directory-when-using-the-.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fix-regression-multiple-values-for-keyword-argument-.patch
Accepting request 1103185 from home:agraul:branches:systemsmanagement:saltstack
2023-08-10 11:32:54 +00:00
fix-regression-with-depending-client.ssh-on-psutil-b.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fix-some-issues-detected-in-salt-support-cli-module-.patch
Accepting request 1103185 from home:agraul:branches:systemsmanagement:saltstack
2023-08-10 11:32:54 +00:00
fix-tests-to-make-them-running-with-salt-testsuite.patch
Accepting request 1105250 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2023-08-22 12:20:45 +00:00
fix-the-aptpkg.py-unit-test-failure.patch
Accepting request 1139717 from home:mczernek:branches:systemsmanagement:saltstack
2024-01-18 13:41:50 +00:00
fix-the-regression-for-yumnotify-plugin-456.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fix-the-regression-of-user.present-state-when-group-.patch
Accepting request 1103185 from home:agraul:branches:systemsmanagement:saltstack
2023-08-10 11:32:54 +00:00
fix-traceback.print_exc-calls-for-test_pip_state-432.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fix-utf8-handling-in-pass-renderer-and-make-it-more-.patch
Accepting request 1103185 from home:agraul:branches:systemsmanagement:saltstack
2023-08-10 11:32:54 +00:00
fix-version-detection-and-avoid-building-and-testing.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
fixed-gitfs-cachedir_basename-to-avoid-hash-collisio.patch
Accepting request 1108239 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2023-08-31 10:03:35 +00:00
fixed-keyerror-in-logs-when-running-a-state-that-fai.patch
Accepting request 1141015 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2024-01-26 09:29:32 +00:00
fixes-for-python-3.10-502.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
html.tar.bz2
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
implement-the-calling-for-batch-async-from-the-salt-.patch
Accepting request 1114819 from home:vizhestkov:branches:systemsmanagement:saltstack
2023-10-02 14:14:56 +00:00
improve-pip-target-override-condition-with-venv_pip_.patch
Accepting request 1141015 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2024-01-26 09:29:32 +00:00
improve-salt.utils.json.find_json-bsc-1213293.patch
Accepting request 1115624 from home:vizhestkov:branches:systemsmanagement:saltstack
2023-10-04 13:56:37 +00:00
include-aliases-in-the-fqdns-grains.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
info_installed-works-without-status-attr-now.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
make-aptpkg.list_repos-compatible-on-enabled-disable.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
make-master_tops-compatible-with-salt-3000-and-older.patch
Accepting request 1103185 from home:agraul:branches:systemsmanagement:saltstack
2023-08-10 11:32:54 +00:00
make-setup.py-script-to-not-require-setuptools-9.1.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
make-sure-configured-user-is-properly-set-by-salt-bs.patch
Accepting request 1105250 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2023-08-22 12:20:45 +00:00
make-sure-the-file-client-is-destroyed-upon-used.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
mark-salt-3006-as-released-586.patch
Accepting request 1103185 from home:agraul:branches:systemsmanagement:saltstack
2023-08-10 11:32:54 +00:00
only-call-native_str-on-curl_debug-message-in-tornad.patch
Accepting request 1114819 from home:vizhestkov:branches:systemsmanagement:saltstack
2023-10-02 14:14:56 +00:00
pass-the-context-to-pillar-ext-modules.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
prefer-unittest.mock-for-python-versions-that-are-su.patch
Accepting request 1139717 from home:mczernek:branches:systemsmanagement:saltstack
2024-01-18 13:41:50 +00:00
prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
prevent-possible-exceptions-on-salt.utils.user.get_g.patch
Accepting request 1105250 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2023-08-22 12:20:45 +00:00
prevent-shell-injection-via-pre_flight_script_args-4.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
read-repo-info-without-using-interpolation-bsc-11356.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
README.SUSE
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
restore-default-behaviour-of-pkg-list-return.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
return-the-expected-powerpc-os-arch-bsc-1117995.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
revert-make-sure-configured-user-is-properly-set-by-.patch
Accepting request 1126827 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2023-11-16 11:09:23 +00:00
revert-usage-of-long-running-req-channel-bsc-1213960.patch
Accepting request 1108392 from home:vizhestkov:branches:systemsmanagement:saltstack
2023-09-01 08:05:05 +00:00
run-salt-api-as-user-salt-bsc-1064520.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
run-salt-master-as-dedicated-salt-user.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
salt-tmpfiles.d
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:418
2021-09-16 07:59:31 +00:00
salt.changes
Accepting request 1143453 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2024-02-01 17:10:28 +00:00
salt.spec
Accepting request 1143453 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2024-02-01 17:10:28 +00:00
save-log-to-logfile-with-docker.build.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
skip-package-names-without-colon-bsc-1208691-578.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
switch-firewalld-state-to-use-change_interface.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
temporary-fix-extend-the-whitelist-of-allowed-comman.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
tornado-fix-an-open-redirect-in-staticfilehandler-cv.patch
Accepting request 1103185 from home:agraul:branches:systemsmanagement:saltstack
2023-08-10 11:32:54 +00:00
transactional_update.conf
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:418
2021-09-16 07:59:31 +00:00
travis.yml
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
update-__pillar__-during-pillar_refresh.patch
Accepting request 1139717 from home:mczernek:branches:systemsmanagement:saltstack
2024-01-18 13:41:50 +00:00
update-documentation.sh
osc copypac from project:systemsmanagement:saltstack:testing package:salt revision:374
2021-01-08 12:41:50 +00:00
update-target-fix-for-salt-ssh-to-process-targets-li.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
use-adler32-algorithm-to-compute-string-checksums.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
use-rlock-to-avoid-deadlocks-in-salt-ssh.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
use-salt-bundle-in-dockermod.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
use-salt-call-from-salt-bundle-with-transactional_up.patch
Accepting request 1114819 from home:vizhestkov:branches:systemsmanagement:saltstack
2023-10-02 14:14:56 +00:00
v3006.0.tar.gz
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
write-salt-version-before-building-when-using-with-s.patch
Accepting request 1112548 from home:PSuarezHernandez:branches:systemsmanagement:saltstack
2023-09-20 12:57:13 +00:00
x509-fixes-111.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00
zypper-pkgrepo-alreadyconfigured-585.patch
Accepting request 1103185 from home:agraul:branches:systemsmanagement:saltstack
2023-08-10 11:32:54 +00:00
zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
Accepting request 1084999 from home:agraul:branches:systemsmanagement:saltstack
2023-05-05 09:15:58 +00:00

README.SUSE 

Salt-master as non-root user
============================

With this version of salt the salt-master will run as salt user.

Why an extra user
=================

While the current setup runs the master as root user, this is considered a security issue
and not in line with the other configuration management tools (eg. puppet) which runs as a
dedicated user. 

How can I undo the change
=========================

If you would like to make the change before you can do the following steps manually:
1. change the user parameter in the master configuration
   user: root
2. update the file permissions:
   as root: chown -R root /etc/salt /var/cache/salt /var/log/salt /var/run/salt
3. restart the salt-master daemon:
   as root: rcsalt-master restart or systemctl restart salt-master

NOTE
====

Running the salt-master daemon as a root user is considers by some a security risk, but
running as root, enables the pam external auth system, as this system needs root access to check authentication.

For more information:
http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html
Description
No description provided
Readme 42 MiB
Languages
Shell 91.3%
Makefile 8.7%