rpms
/
subscription-manager
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI subscription-manager-1.28.36-3.el8_8

This commit is contained in:
eabdullin 2023-08-22 20:56:16 +00:00
parent 39885e042d
commit 721503844c
2 changed files with 106 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
SOURCES/00001-fix-dbus-policy.patch Normal file
View File

@ -0,0 +1,99 @@
diff --git a/etc-conf/dbus/system.d/com.redhat.RHSM1.conf b/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
index e21c57263..11adf1d79 100644
--- a/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
+++ b/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
@@ -7,23 +7,9 @@
<policy user="root">
<allow own="com.redhat.RHSM1"/>
- <!-- Basic D-Bus API stuff -->
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.Introspectable"/>
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.Properties"/>
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.ObjectManager"/>
-
- <!-- allow Config.Set from root -->
- <allow send_destination="com.redhat.RHSM1"
- send_interface="com.redhat.RHSM1.Config"
- send_member="Set"/>
- </policy>
-
-
- <policy context="default">
- <!-- TODO: make these read-only by default -->
+ <!--
+ Lock down the objects to root access only
+ -->
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1"/>
@@ -37,11 +23,6 @@
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1.Config"/>
- <!-- deny Config.Set by default -->
- <deny send_destination="com.redhat.RHSM1"
- send_interface="com.redhat.RHSM1.Config"
- send_member="Set"/>
-
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1.RegisterServer"/>
@@ -65,5 +46,54 @@
<allow send_destination="com.redhat.RHSM1"
send_interface="org.freedesktop.DBus.ObjectManager"/>
</policy>
-</busconfig>
+
+ <policy context="default">
+
+ <!--
+ Non-root users can execute only methods providing
+ information from files readable by non-root users.
+ -->
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Entitlement"
+ send_member="GetStatus"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Products"
+ send_member="ListInstalledProducts"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Syspurpose"
+ send_member="GetSyspurpose"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Syspurpose"
+ send_member="GetSyspurposeStatus"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Config"
+ send_member="GetAll"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Config"
+ send_member="Get"/>
+
+ <!--
+ The UUID returned by following method is read
+ from consumer cert. Only this file is not
+ readable by non-root users.
+ -->
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Consumer"
+ send_member="GetUuid"/>
+
+ <!-- Basic D-Bus API stuff -->
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.ObjectManager"/>
+ </policy>
+</busconfig>

8
SPECS/subscription-manager.spec
View File

@ -245,7 +245,7 @@
Name: subscription-manager Name: subscription-manager
Version: 1.28.36 Version: 1.28.36
Release: 2%{?dist} Release: 3%{?dist}
Summary: Tools and libraries for subscription and repository management Summary: Tools and libraries for subscription and repository management
%if 0%{?suse_version} %if 0%{?suse_version}
Group: Productivity/Networking/System Group: Productivity/Networking/System
@ -402,6 +402,8 @@ BuildRequires: systemd
Obsoletes: subscription-manager-plugin-container Obsoletes: subscription-manager-plugin-container
%endif %endif
Patch00001: 00001-fix-dbus-policy.patch
%description %description
The Subscription Manager package provides programs and libraries to allow users The Subscription Manager package provides programs and libraries to allow users
to manage subscriptions and yum repositories from the Red Hat entitlement to manage subscriptions and yum repositories from the Red Hat entitlement
@ -758,6 +760,8 @@ cloud metadata and signatures.
%prep %prep
%setup -q %setup -q
%autopatch -p1
%build %build
make -f Makefile VERSION=%{version}-%{release} CFLAGS="%{optflags}" \ make -f Makefile VERSION=%{version}-%{release} CFLAGS="%{optflags}" \
LDFLAGS="%{__global_ldflags}" OS_DIST="%{dist}" PYTHON="%{__python}" \ LDFLAGS="%{__global_ldflags}" OS_DIST="%{dist}" PYTHON="%{__python}" \
@ -1483,6 +1487,8 @@ gtk-update-icon-cache -f %{_datadir}/icons/hicolor &>/dev/null || :
%endif %endif
%changelog %changelog
* Tue Aug 08 2023 Jiri Hnidek <jhnidek@redhat.com> 1.28.36-3
- 2225442: Fix D-Bus policy (jhnidek@redhat.com)
* Wed Feb 22 2023 Pino Toscano <ptoscano@redhat.com> 1.28.36-2 * Wed Feb 22 2023 Pino Toscano <ptoscano@redhat.com> 1.28.36-2
- Translated using Weblate (French) (ljanda@redhat.com) - Translated using Weblate (French) (ljanda@redhat.com)
- Translated using Weblate (French) (suanand@redhat.com) - Translated using Weblate (French) (suanand@redhat.com)