import subscription-manager-1.29.33.1-2.el9_2

c9 imports/c9/subscription-manager-1.29.33.1-2.el9_2
MSVSphere Packaging Team 1 year ago
parent 3fa09bc9fa
commit 36702e169b

@ -0,0 +1,99 @@
diff --git a/etc-conf/dbus/system.d/com.redhat.RHSM1.conf b/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
index e21c57263..11adf1d79 100644
--- a/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
+++ b/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
@@ -7,23 +7,9 @@
<policy user="root">
<allow own="com.redhat.RHSM1"/>
- <!-- Basic D-Bus API stuff -->
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.Introspectable"/>
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.Properties"/>
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.ObjectManager"/>
-
- <!-- allow Config.Set from root -->
- <allow send_destination="com.redhat.RHSM1"
- send_interface="com.redhat.RHSM1.Config"
- send_member="Set"/>
- </policy>
-
-
- <policy context="default">
- <!-- TODO: make these read-only by default -->
+ <!--
+ Lock down the objects to root access only
+ -->
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1"/>
@@ -37,11 +23,6 @@
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1.Config"/>
- <!-- deny Config.Set by default -->
- <deny send_destination="com.redhat.RHSM1"
- send_interface="com.redhat.RHSM1.Config"
- send_member="Set"/>
-
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1.RegisterServer"/>
@@ -65,5 +46,54 @@
<allow send_destination="com.redhat.RHSM1"
send_interface="org.freedesktop.DBus.ObjectManager"/>
</policy>
-</busconfig>
+
+ <policy context="default">
+
+ <!--
+ Non-root users can execute only methods providing
+ information from files readable by non-root users.
+ -->
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Entitlement"
+ send_member="GetStatus"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Products"
+ send_member="ListInstalledProducts"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Syspurpose"
+ send_member="GetSyspurpose"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Syspurpose"
+ send_member="GetSyspurposeStatus"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Config"
+ send_member="GetAll"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Config"
+ send_member="Get"/>
+
+ <!--
+ The UUID returned by following method is read
+ from consumer cert. Only this file is not
+ readable by non-root users.
+ -->
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Consumer"
+ send_member="GetUuid"/>
+
+ <!-- Basic D-Bus API stuff -->
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.ObjectManager"/>
+ </policy>
+</busconfig>

@ -96,7 +96,7 @@
Name: subscription-manager Name: subscription-manager
Version: 1.29.33.1 Version: 1.29.33.1
Release: 1%{?dist} Release: 2%{?dist}
Summary: Tools and libraries for subscription and repository management Summary: Tools and libraries for subscription and repository management
%if 0%{?suse_version} %if 0%{?suse_version}
Group: Productivity/Networking/System Group: Productivity/Networking/System
@ -222,6 +222,8 @@ Obsoletes: dnf-plugin-subscription-manager < 1.29.0
Obsoletes: %{py_package_prefix}-syspurpose <= %{version} Obsoletes: %{py_package_prefix}-syspurpose <= %{version}
Patch00001: 00001-fix-dbus-policy.patch
%description %description
The Subscription Manager package provides programs and libraries to allow users The Subscription Manager package provides programs and libraries to allow users
to manage subscriptions and yum repositories from the Red Hat entitlement to manage subscriptions and yum repositories from the Red Hat entitlement
@ -363,6 +365,8 @@ cloud metadata and signatures.
%prep %prep
%setup -q %setup -q
%autopatch -p1
%build %build
make -f Makefile VERSION=%{version}-%{release} CFLAGS="%{optflags}" \ make -f Makefile VERSION=%{version}-%{release} CFLAGS="%{optflags}" \
LDFLAGS="%{__global_ldflags}" OS_DIST="%{dist}" PYTHON="%{__python}" \ LDFLAGS="%{__global_ldflags}" OS_DIST="%{dist}" PYTHON="%{__python}" \
@ -736,6 +740,9 @@ rmdir %{python_sitearch}/subscription_manager-*-*.egg-info --ignore-fail-on-non-
rm -f /var/lib/rhsm/cache/rhsm_icon.json rm -f /var/lib/rhsm/cache/rhsm_icon.json
%changelog %changelog
* Mon Aug 07 2023 Jiri Hnidek <jhnidek@redhat.com> 1.29.33.1-2
- 2225445: Fix D-Bus policy (jhnidek@redhat.com)
* Thu Mar 02 2023 Pino Toscano <ptoscano@redhat.com> 1.29.33.1-1 * Thu Mar 02 2023 Pino Toscano <ptoscano@redhat.com> 1.29.33.1-1
- tito: add rhel 9.2 releaser (ptoscano@redhat.com) - tito: add rhel 9.2 releaser (ptoscano@redhat.com)
- 2169251: connection: restore UEPConnection.getJob() (ptoscano@redhat.com) - 2169251: connection: restore UEPConnection.getJob() (ptoscano@redhat.com)

Loading…
Cancel
Save