import UBI subscription-manager-1.29.33.1-2.el9_2

eabdullin 2023-08-22 20:56:00 +00:00
parent db4750ca56
commit 9678559405
2 changed files with 107 additions and 1 deletions


@ -0,0 +1,99 @@
diff --git a/etc-conf/dbus/system.d/com.redhat.RHSM1.conf b/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
index e21c57263..11adf1d79 100644
--- a/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
+++ b/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
@@ -7,23 +7,9 @@
<policy user="root">
<allow own="com.redhat.RHSM1"/>
- <!-- Basic D-Bus API stuff -->
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.Introspectable"/>
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.Properties"/>
- <allow send_destination="com.redhat.RHSM1"
- send_interface="org.freedesktop.DBus.ObjectManager"/>
-
- <!-- allow Config.Set from root -->
- <allow send_destination="com.redhat.RHSM1"
- send_interface="com.redhat.RHSM1.Config"
- send_member="Set"/>
- </policy>
-
-
- <policy context="default">
- <!-- TODO: make these read-only by default -->
+ <!--
+ Lock down the objects to root access only
+ -->
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1"/>
@@ -37,11 +23,6 @@
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1.Config"/>
- <!-- deny Config.Set by default -->
- <deny send_destination="com.redhat.RHSM1"
- send_interface="com.redhat.RHSM1.Config"
- send_member="Set"/>
-
<allow send_destination="com.redhat.RHSM1"
send_interface="com.redhat.RHSM1.RegisterServer"/>
@@ -65,5 +46,54 @@
<allow send_destination="com.redhat.RHSM1"
send_interface="org.freedesktop.DBus.ObjectManager"/>
</policy>
-</busconfig>
+
+ <policy context="default">
+
+ <!--
+ Non-root users can execute only methods providing
+ information from files readable by non-root users.
+ -->
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Entitlement"
+ send_member="GetStatus"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Products"
+ send_member="ListInstalledProducts"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Syspurpose"
+ send_member="GetSyspurpose"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Syspurpose"
+ send_member="GetSyspurposeStatus"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Config"
+ send_member="GetAll"/>
+
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Config"
+ send_member="Get"/>
+
+ <!--
+ The UUID returned by following method is read
+ from consumer cert. Only this file is not
+ readable by non-root users.
+ -->
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="com.redhat.RHSM1.Consumer"
+ send_member="GetUuid"/>
+
+ <!-- Basic D-Bus API stuff -->
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.Properties"/>
+ <allow send_destination="com.redhat.RHSM1"
+ send_interface="org.freedesktop.DBus.ObjectManager"/>
+ </policy>
+</busconfig>
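Review bot: The new `context="default"` policy in the last hunk of the embedded patch allows the entire `org.freedesktop.DBus.Properties` interface to every local user, so `Set` is permitted at the bus level, while each com.redhat.RHSM1 rule in the same block is pinned to a single `send_member`. Whether the service exposes any writable property, or any property backed by root-only data, is not visible on this page, so this may be harmless today, but the bus policy would then be relying on the service itself to refuse the call. Consider narrowing the rule to the read paths, one rule with `send_member="Get"` and one with `send_member="GetAll"`, and confirm that `ObjectManager` returns nothing beyond what the listed getters already expose. Separately, the comment above the `GetUuid` rule says the consumer cert is not readable by non-root users but gives no reason for the exception; it should say so explicitly, along the lines of `<!-- Exception: GetUuid reads the root-only consumer cert; allowed because <rationale> -->`.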


@ -96,7 +96,7 @@
Name: subscription-manager Name: subscription-manager
Version: 1.29.33.1 Version: 1.29.33.1
Release: 1%{?dist} Release: 2%{?dist}
Summary: Tools and libraries for subscription and repository management Summary: Tools and libraries for subscription and repository management
%if 0%{?suse_version} %if 0%{?suse_version}
Group: Productivity/Networking/System Group: Productivity/Networking/System
@ -222,6 +222,8 @@ Obsoletes: dnf-plugin-subscription-manager < 1.29.0
Obsoletes: %{py_package_prefix}-syspurpose <= %{version} Obsoletes: %{py_package_prefix}-syspurpose <= %{version}
Patch00001: 00001-fix-dbus-policy.patch
%description %description
The Subscription Manager package provides programs and libraries to allow users The Subscription Manager package provides programs and libraries to allow users
to manage subscriptions and yum repositories from the Red Hat entitlement to manage subscriptions and yum repositories from the Red Hat entitlement
@ -363,6 +365,8 @@ cloud metadata and signatures.
%prep %prep
%setup -q %setup -q
%autopatch -p1
%build %build
make -f Makefile VERSION=%{version}-%{release} CFLAGS="%{optflags}" \ make -f Makefile VERSION=%{version}-%{release} CFLAGS="%{optflags}" \
LDFLAGS="%{__global_ldflags}" OS_DIST="%{dist}" PYTHON="%{__python}" \ LDFLAGS="%{__global_ldflags}" OS_DIST="%{dist}" PYTHON="%{__python}" \
@ -736,6 +740,9 @@ rmdir %{python_sitearch}/subscription_manager-*-*.egg-info --ignore-fail-on-non-
rm -f /var/lib/rhsm/cache/rhsm_icon.json rm -f /var/lib/rhsm/cache/rhsm_icon.json
%changelog %changelog
* Mon Aug 07 2023 Jiri Hnidek <jhnidek@redhat.com> 1.29.33.1-2
- 2225445: Fix D-Bus policy (jhnidek@redhat.com)
* Thu Mar 02 2023 Pino Toscano <ptoscano@redhat.com> 1.29.33.1-1 * Thu Mar 02 2023 Pino Toscano <ptoscano@redhat.com> 1.29.33.1-1
- tito: add rhel 9.2 releaser (ptoscano@redhat.com) - tito: add rhel 9.2 releaser (ptoscano@redhat.com)
- 2169251: connection: restore UEPConnection.getJob() (ptoscano@redhat.com) - 2169251: connection: restore UEPConnection.getJob() (ptoscano@redhat.com)