import subscription-manager-1.28.36-3.el8_8

i8c changed/i8c/subscription-manager-1.28.36-3.el8_8
MSVSphere Packaging Team 1 year ago
parent 11cd0257c9
commit f73add9fe9

@ -0,0 +1,99 @@
diff --git a/etc-conf/dbus/system.d/com.redhat.RHSM1.conf b/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
index e21c57263..11adf1d79 100644
--- a/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
+++ b/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
@@ -7,23 +7,9 @@
<policy user="root">
<allow own="com.redhat.RHSM1"/>
- <!-- Basic D-Bus API stuff -->
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.Introspectable"/>
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.Properties"/>
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.ObjectManager"/>
-
- <!-- allow Config.Set from root -->
- <allow send_destination="com.redhat.RHSM1"
- send_interface="com.redhat.RHSM1.Config"
- send_member="Set"/>
- </policy>
-
-
- <policy context="default">
- <!-- TODO: make these read-only by default -->
+ <!--
+ Lock down the objects to root access only
+ -->
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1"/>
@@ -37,11 +23,6 @@
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1.Config"/>
- <!-- deny Config.Set by default -->
- <deny send_destination="com.redhat.RHSM1"
- send_interface="com.redhat.RHSM1.Config"
- send_member="Set"/>
-
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1.RegisterServer"/>
@@ -65,5 +46,54 @@
<allow send_destination="com.redhat.RHSM1"
send_interface="org.freedesktop.DBus.ObjectManager"/>
</policy>
-</busconfig>
+
+ <policy context="default">
+
+ <!--
+ Non-root users can execute only methods providing
+ information from files readable by non-root users.
+ -->
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Entitlement"
+ send_member="GetStatus"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Products"
+ send_member="ListInstalledProducts"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Syspurpose"
+ send_member="GetSyspurpose"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Syspurpose"
+ send_member="GetSyspurposeStatus"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Config"
+ send_member="GetAll"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Config"
+ send_member="Get"/>
+
+ <!--
+ The UUID returned by following method is read
+ from consumer cert. Only this file is not
+ readable by non-root users.
+ -->
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Consumer"
+ send_member="GetUuid"/>
+
+ <!-- Basic D-Bus API stuff -->
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.ObjectManager"/>
+ </policy>
+</busconfig>
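Review bot: In the new `context="default"` policy, the "Basic D-Bus API stuff" rule for `org.freedesktop.DBus.Properties` carries no `send_member`, so the bus lets any local user send `Set` as well as `Get`/`GetAll`. This is at odds with the per-method allow-list above it. Whether any RHSM1 object exposes a writable property is not visible in this patch, so this may be harmless today, but the bus policy itself would not stop such a call. Consider replacing that rule with `<allow send_destination="com.redhat.RHSM1" send_interface="org.freedesktop.DBus.Properties" send_member="Get"/>` and a second rule with `send_member="GetAll"`, or add a comment stating that the service exports no writable properties. The comment above `GetUuid` describes an exception to the "files readable by non-root users" rule, so it should also say why exposing the consumer UUID to unprivileged callers is acceptable.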

@ -245,7 +245,7 @@
Name: subscription-manager Name: subscription-manager
Version: 1.28.36 Version: 1.28.36
Release: 2%{?dist} Release: 3%{?dist}
Summary: Tools and libraries for subscription and repository management Summary: Tools and libraries for subscription and repository management
%if 0%{?suse_version} %if 0%{?suse_version}
Group: Productivity/Networking/System Group: Productivity/Networking/System
@ -402,6 +402,8 @@ BuildRequires: systemd
Obsoletes: subscription-manager-plugin-container Obsoletes: subscription-manager-plugin-container
%endif %endif
Patch00001: 00001-fix-dbus-policy.patch
%description %description
The Subscription Manager package provides programs and libraries to allow users The Subscription Manager package provides programs and libraries to allow users
to manage subscriptions and yum repositories from the Red Hat entitlement to manage subscriptions and yum repositories from the Red Hat entitlement
@ -758,6 +760,8 @@ cloud metadata and signatures.
%prep %prep
%setup -q %setup -q
%autopatch -p1
%build %build
make -f Makefile VERSION=%{version}-%{release} CFLAGS="%{optflags}" \ make -f Makefile VERSION=%{version}-%{release} CFLAGS="%{optflags}" \
LDFLAGS="%{__global_ldflags}" OS_DIST="%{dist}" PYTHON="%{__python}" \ LDFLAGS="%{__global_ldflags}" OS_DIST="%{dist}" PYTHON="%{__python}" \
@ -1483,6 +1487,8 @@ gtk-update-icon-cache -f %{_datadir}/icons/hicolor &>/dev/null || :
%endif %endif
%changelog %changelog
* Tue Aug 08 2023 Jiri Hnidek <jhnidek@redhat.com> 1.28.36-3
- 2225442: Fix D-Bus policy (jhnidek@redhat.com)
* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 1.28.36-2 * Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 1.28.36-2
- Rebuilt for MSVSphere 8.8 - Rebuilt for MSVSphere 8.8
