testing/permissions
SHA256
3
0
Fork 0
forked from pool/permissions
Code Pull Requests Activity
175 Commits 2 Branches 0 Tags 1,023 KiB
0433ec9d56
Commit Graph

151 Commits

Author SHA256 Message Date
Marcus Meissner
0433ec9d56 Accepting request 548215 from home:kukuk:branches:Base:System 
- fillup is required for post, not pre installation

OBS-URL: https://build.opensuse.org/request/show/548215
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=189
 2017-12-05 07:10:12 +00:00
Marcus Meissner
d85ec2cc61 Accepting request 546606 from home:pluskalm:branches:Base:System 
- Cleanup spec file with spec-cleaner
- Drop conditions/definitions related to old distros

OBS-URL: https://build.opensuse.org/request/show/546606
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=188
 2017-11-30 10:35:19 +00:00
Marcus Meissner
f434538bbd - Update to version 20171129: 
* permissions: adding gvfs (bsc#1065864)
  * Allow setgid incingacmd on directory /run/icinga2/cmd bsc#1069410
  * Allow fping cap_net_raw (bsc#1047921)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=187
 2017-11-29 17:02:48 +00:00
Marcus Meissner
24ce7041d6 OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=186 2017-11-24 16:26:13 +00:00
Marcus Meissner
2688fa191a Accepting request 544692 from home:RBrownSUSE:branches:Base:System 
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

OBS-URL: https://build.opensuse.org/request/show/544692
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=185
 2017-11-23 14:58:07 +00:00
Marcus Meissner
a7962163fe - Update to version 20171121: 
* - permissions: adding kwayland (bsc#1062182)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=182
 2017-11-21 14:07:42 +00:00
Marcus Meissner
b680cbc36d - Update to version 20171106: 
* Allow setuid root for singularity (group only) bsc#1028304

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=180
 2017-11-06 15:58:58 +00:00
Marcus Meissner
fb770d791f - Update to version 20171025: 
* Stricter permissions on cron directories (paranoid) and stricter permissions on sshd_config (secure/paranoid)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=177
 2017-10-25 15:51:58 +00:00
Marcus Meissner
8b1949dd93 - Update to version 20170928: 
* Fix invalid syntax bsc#1048645 bsc#1060738

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=174
 2017-09-28 10:48:52 +00:00
Marcus Meissner
ae2fcfcc83 - Update to version 20170927: 
* fix typos in manpages

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=173
 2017-09-27 14:50:43 +00:00
Marcus Meissner
88add7774f - Update to version 20170922: 
* Allow setuid root for singularity (group only) bsc#1028304

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=171
 2017-09-22 14:01:01 +00:00
Marcus Meissner
79244e6f3c - Update to version 20170913: 
* Allow setuid for shadow newuidmap, newgidmap bsc#979282, bsc#1048645)

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=168
 2017-09-13 16:53:54 +00:00
Marcus Meissner
c8a528761f OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=163 2017-09-06 09:43:17 +00:00
Marcus Meissner
0ca1d5fbf3 Accepting request 501680 from home:dimstar:Factory 
- BuildIgnore group(trusted): we don't really care for this group
  in the buildroot and do not want to get system-users into the
  bootstrap cycle as we can avoid it.

OBS-URL: https://build.opensuse.org/request/show/501680
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=159
 2017-06-07 11:15:04 +00:00
Marcus Meissner
c7d23f34dd - Require: group(trusted), as we are handing it out to some unsuspecting 
binaries and it is no longer default.

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=157
 2017-06-03 07:22:19 +00:00
Marcus Meissner
f06adee271 - Update to version 20170602: 
* make /etc/ppp owned by root:root. The group dialout usage is no longer used

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=156
 2017-06-02 10:55:29 +00:00
Marcus Meissner
ba70df90ac OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=154 2017-06-02 10:53:34 +00:00
Marcus Meissner
f28a99e103 - Update to version 20160807: 
* suexec2 is a symlink, no need for permissions handling

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=151
 2016-08-07 12:03:42 +00:00
Marcus Meissner
3b16bfa06f OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=146 2016-08-02 08:29:24 +00:00
Marcus Meissner
6899251720 Accepting request 397400 from home:dimstar:branches:Base:System 
- Introduce _service to easier update the package. For simplicity,
  change the version from yyyy.mm.dd to yyyymmdd (which is eactly
  %cd in the _service defintion). Upgrading is no problem.

It's up to the maintainer if you prefer this method or whatever you
currently use...

the _service allows to do an update with those commands:
===
osc co Base:System permissions
cd Base:System/permissions
rm *xz
osc service dr
osc ar
osc ci -m 'Update done'
===

It will add use the commit messages from git to formulate the .changelog in the form:
+ Update to version YYYYMMDD:
  - Git commitlog 1
  - Git commitlog 1

Feel free to use or reject

OBS-URL: https://build.opensuse.org/request/show/397400
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=144
 2016-05-23 14:04:56 +00:00
Marcus Meissner
5b294da664 Accepting request 397396 from home:msmeissn:branches:Base:System 
- chage only needs read rights to /etc/shadow, so setgid shadow is sufficient (bsc#975352)

- permissions: adding gstreamer ptp file caps (bsc#960173)

OBS-URL: https://build.opensuse.org/request/show/397396
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=143
 2016-05-23 09:01:41 +00:00
Marcus Meissner
2026868fe9 Accepting request 353869 from home:msmeissn:branches:Base:System 
- the apache folks renamed suexec2 to suexec with symlink. adjust both (bsc#962060)

OBS-URL: https://build.opensuse.org/request/show/353869
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=141
 2016-01-15 14:42:31 +00:00
Marcus Meissner
b6e28807c2 Accepting request 353278 from home:msmeissn:branches:Base:System 
- pinger needs to be squid:root, not root:squid (there is no squid group) bsc#961363

- add suexec with 0755 to all standard profiles. this can and should be overridden in permissions.local if you need it setuid root. bsc#951765 bsc#263789
- added missing / to the squid specific directories (bsc#950557)

OBS-URL: https://build.opensuse.org/request/show/353278
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=140
 2016-01-12 16:30:34 +00:00
Marcus Meissner
7723b028aa Accepting request 334552 from home:msmeissn:branches:Base:System 
- adjusted radosgw to root:www mode 0750 (bsc#943471)

OBS-URL: https://build.opensuse.org/request/show/334552
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=138
 2015-09-28 14:36:36 +00:00
Marcus Meissner
e1788e4035 Accepting request 334443 from home:msmeissn:branches:Base:System 
- radosgw can get capability cap_bind_net_service (bsc#943471)

OBS-URL: https://build.opensuse.org/request/show/334443
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=137
 2015-09-28 13:36:03 +00:00
Marcus Meissner
caaf70201f Accepting request 311171 from home:msmeissn:branches:Base:System 
- remove /usr/bin/get_printing_ticket; (bnc#906336)

OBS-URL: https://build.opensuse.org/request/show/311171
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=135
 2015-06-08 16:26:06 +00:00
Marcus Meissner
987b4c1e61 Accepting request 263879 from home:msmeissn:branches:Base:System 
- Added iouyap capabilities (bnc#904060)

OBS-URL: https://build.opensuse.org/request/show/263879
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=133
 2014-12-04 07:34:28 +00:00
Marcus Meissner
55fdaea9a3 Accepting request 259902 from home:msmeissn:branches:Base:System 
- %{_bindir}/get_printing_ticket turned to mode 700, setuid root no longer needed (bnc#685093)
- permissions: incorporating squid changes from bnc#891268
- hint that chkstat --system --set needs to be run after editing bnc#895647

OBS-URL: https://build.opensuse.org/request/show/259902
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=131
 2014-11-05 17:23:09 +00:00
Marcus Meissner
2b1381f5ed Accepting request 246515 from home:msmeissn:branches:Base:System 
- Do not applies permissions from backup files (~ / .rpmsave / .rpmnew) (bnc#893370)
- do not mention SuSEconfig anymore, long dead (bnc#843083)

OBS-URL: https://build.opensuse.org/request/show/246515
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=129
 2014-08-26 13:05:22 +00:00
Marcus Meissner
1febc609ea Accepting request 243379 from home:msmeissn:branches:Base:System 
- append a / to /var/log/journal so the framework makes sure it is a directory bnc#888151

OBS-URL: https://build.opensuse.org/request/show/243379
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=127
 2014-08-01 11:42:04 +00:00
Marcus Meissner
dba36f4d8f Accepting request 242029 from home:msmeissn:branches:Base:System 
- make innbind mode 4550  (bnc#876287)
- permissions: Adding systemd-journal directory (bnc#888151)

OBS-URL: https://build.opensuse.org/request/show/242029
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=125
 2014-07-23 15:21:41 +00:00
Marcus Meissner
111602a6c6 Accepting request 241753 from home:msmeissn:branches:Base:System 
- permissions: Adding new kdesud path for KDE5 (bnc#872276)

OBS-URL: https://build.opensuse.org/request/show/241753
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=124
 2014-07-21 14:12:53 +00:00
Marcus Meissner
d1796cf746 Accepting request 239152 from home:msmeissn:branches:Base:System 
- vlock_main lost its permission checking, so remove from here.

OBS-URL: https://build.opensuse.org/request/show/239152
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=122
 2014-07-01 11:47:17 +00:00
Marcus Meissner
18b3eed942 Accepting request 237512 from home:msmeissn:branches:Base:System 
- opiesu,wodim,vlock-main have no setuid root. (bnc#882035)

OBS-URL: https://build.opensuse.org/request/show/237512
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=120
 2014-06-16 11:52:40 +00:00
Marcus Meissner
087979a9c5 Accepting request 236354 from home:msmeissn:branches:Base:System 
- tighten /etc/crontab to be always mode 600, even in easy (bnc#867799)

OBS-URL: https://build.opensuse.org/request/show/236354
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=119
 2014-06-05 08:16:53 +00:00
Marcus Meissner
d83696ead0 Accepting request 230216 from home:msmeissn:branches:Base:System 
- duplicate /var/run entries to /run (bnc#873708)

OBS-URL: https://build.opensuse.org/request/show/230216
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=117
 2014-04-15 14:41:18 +00:00
Marcus Meissner
9ff01a3be5 Accepting request 227299 from home:msmeissn:branches:Base:System 
- permissions: incorporating capability for mtr, removing +s from ping
  (bnc#865351)

OBS-URL: https://build.opensuse.org/request/show/227299
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=115
 2014-03-24 11:46:57 +00:00
Marcus Meissner
1f41a98c1b Accepting request 205002 from home:msmeissn:branches:Base:System 
- GIT repo moved to GITHUB.

OBS-URL: https://build.opensuse.org/request/show/205002
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=113
 2013-10-28 12:14:20 +00:00
Marcus Meissner
564e2045ec Accepting request 204986 from home:msmeissn:branches:Base:System 
- removed the setuid bit from "eject" (bnc#824406)

OBS-URL: https://build.opensuse.org/request/show/204986
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=112
 2013-10-28 10:49:53 +00:00
Marcus Meissner
2e919d23e6 Accepting request 195995 from home:msmeissn:branches:Base:System 
- do not use magic constants for strlen (bnc#834790

OBS-URL: https://build.opensuse.org/request/show/195995
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=110
 2013-08-22 12:29:38 +00:00
Marcus Meissner
88e93f4949 Accepting request 195810 from home:msmeissn:branches:Base:System 
- Chrome sandbox also allowed to be setuid root in secure mode now (bnc#718016)

- use PERMISSION_FSCAPS

- it is PERMISSIONS_FSCAPS (bnc#834790)
- qemu-bridge-helper has no special privileges currently (bnc#765948)

OBS-URL: https://build.opensuse.org/request/show/195810
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=108
 2013-08-21 13:06:40 +00:00
Marcus Meissner
f7167a7542 Accepting request 178641 from home:msmeissn:branches:Base:System 
- utempter helper binary moved in new version to /usr/lib/utempter/utempter (bnc#823302)

OBS-URL: https://build.opensuse.org/request/show/178641
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=106
 2013-06-12 12:36:35 +00:00
Marcus Meissner
13ae92871b Accepting request 178510 from home:msmeissn:branches:Base:System 
- cdrtools: allow some filesystem capabilities for more stable CD/DVD
  burning in "easy" mode. (bnc#550021) (cap_sys_nice, cap_sys_rawio,
  cap_sys_resource, cap_ipc_lock)

OBS-URL: https://build.opensuse.org/request/show/178510
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=105
 2013-06-11 09:35:05 +00:00
Marcus Meissner
e63c733ea5 Accepting request 174833 from home:msmeissn:branches:Base:System 
- leave out readcd,cdda2wav,cdrecord until it is ready for the distro (bnc#550021)

OBS-URL: https://build.opensuse.org/request/show/174833
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=103
 2013-05-08 14:33:37 +00:00
Marcus Meissner
d81cf5b7b7 Accepting request 174491 from home:msmeissn:branches:Base:System 
- cdrecord currently has no special permissions approved (bnc#550021)
- append a /

OBS-URL: https://build.opensuse.org/request/show/174491
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=101
 2013-05-04 14:49:12 +00:00
Dr. Werner Fink
3c85079215 Accepting request 150329 from home:msmeissn:branches:Base:System 
- Allow pcp to have stickybit worldwriteable directories

OBS-URL: https://build.opensuse.org/request/show/150329
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=99
 2013-01-30 13:37:31 +00:00
Marcus Meissner
a8e8840bc1 Accepting request 143274 from home:msmeissn:branches:Base:System 
- add /usr/bin/dumpcap to watchlist
- make fscaps=1 the default on ""
- added PERMISSION_FSCAPS to the sysconfig/security fillup template.
- /bin/ping(6) was moved to /usr/bin/ping(6) /bin/eject was moved to /usr/bin/eject

OBS-URL: https://build.opensuse.org/request/show/143274
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=97
 2012-11-30 13:21:16 +00:00
Ludwig Nussel
8449923ee4 - apply permissions settings in %post. During initial installation 
some packages might be installed before the permissions package
  due to dependency loops so we need to make sure their settings
  are applied too. Also, on update of the permissions package
  changed permission settings may need to be applied.

OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=95
 2012-11-21 14:01:07 +00:00
Ludwig Nussel
b526458851 - temporarily add su.core 
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=92
 2012-10-15 11:49:16 +00:00
Cristian Rodríguez
3fc393435b Accepting request 135933 from home:msmeissn:branches:Base:System 
- no longer install SuSEconfig.permissions, SuSEconfig is gone.

OBS-URL: https://build.opensuse.org/request/show/135933
OBS-URL: https://build.opensuse.org/package/show/Base:System/permissions?expand=0&rev=90
 2012-09-25 19:26:09 +00:00