Hello community,
here is the log from the commit of package permissions for openSUSE:Factory
checked in at 2012-12-03 11:17:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/permissions (Old)
and /work/SRC/openSUSE:Factory/.permissions.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "permissions", Maintainer is "meiss...@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-11-22
17:02:38.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes
2012-12-03 11:18:01.000000000 +0100
@@ -1,0 +2,8 @@
+Tue Nov 27 15:41:16 UTC 2012 - meiss...@suse.com
+
+- add /usr/bin/dumpcap to watchlist
+- make fscaps=1 the default on ""
+- added PERMISSION_FSCAPS to the sysconfig/security fillup template.
+- /bin/ping(6) was moved to /usr/bin/ping(6) /bin/eject was moved to
/usr/bin/eject
+
+-------------------------------------------------------------------
Old:
----
permissions-2012.10.15.1348.tar.bz2
New:
----
permissions-2012.11.27.1640.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ permissions.spec ++++++
--- /var/tmp/diff_new_pack.1VZ9KD/_old 2012-12-03 11:18:02.000000000 +0100
+++ /var/tmp/diff_new_pack.1VZ9KD/_new 2012-12-03 11:18:02.000000000 +0100
@@ -20,7 +20,7 @@
BuildRequires: libcap-devel
Name: permissions
-Version: 2012.10.15.1348
+Version: 2012.11.27.1640
Release: 0
Provides: aaa_base:/etc/permissions
PreReq: %fillup_prereq
++++++ permissions-2012.10.15.1348.tar.bz2 ->
permissions-2012.11.27.1640.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.10.15.1348/chkstat.c
new/permissions-2012.11.27.1640/chkstat.c
--- old/permissions-2012.10.15.1348/chkstat.c 2012-10-15 13:48:16.000000000
+0200
+++ new/permissions-2012.11.27.1640/chkstat.c 2012-11-27 16:40:51.000000000
+0100
@@ -298,7 +298,8 @@
p+=2;
if (isquote(*p) || !*p)
have_fscaps=0;
- }
+ } else
+ have_fscaps=1; /* default */
}
}
fclose(fp);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.10.15.1348/permissions.easy
new/permissions-2012.11.27.1640/permissions.easy
--- old/permissions-2012.10.15.1348/permissions.easy 2012-10-15
13:48:16.000000000 +0200
+++ new/permissions-2012.11.27.1640/permissions.easy 2012-11-27
16:40:51.000000000 +0100
@@ -58,7 +58,7 @@
/sbin/mount.nfs root:root 4755
/bin/mount root:root 4755
/bin/umount root:root 4755
-/bin/eject root:audio 4755
+/usr/bin/eject root:audio 4755
#
# #133657
/usr/bin/fusermount root:trusted 4755
@@ -144,9 +144,9 @@
#
# networking (need root for the privileged socket)
#
-/bin/ping root:root 4755
+/usr/bin/ping root:root 4755
+capabilities cap_net_raw=ep
-/bin/ping6 root:root 4755
+/usr/bin/ping6 root:root 4755
+capabilities cap_net_raw=ep
# mtr is linked against ncurses. For dialout only.
/usr/sbin/mtr root:dialout 4750
@@ -312,11 +312,14 @@
/usr/sbin/hawk_invoke root:haclient 4750
# chromium (bnc#718016)
-/usr/lib/chrome_sandbox root:root
4755
+/usr/lib/chrome_sandbox root:root 4755
# ecryptfs-utils (bnc#740110)
/sbin/mount.ecryptfs_private root:root 4755
+# wireshark (not yet)
+/usr/bin/dumpcap root:root 0755
+
#
# XXX: / -> /usr merge and sbin -> bin merge
# XXX: duplicated entries need to be cleaned up before 12.2
@@ -327,7 +330,6 @@
/usr/bin/mount.nfs root:root 4755
/usr/bin/mount root:root 4755
/usr/bin/umount root:root 4755
-/usr/bin/eject root:audio 4755
/usr/sbin/unix_chkpwd root:shadow 4755
/usr/bin/unix_chkpwd root:shadow 4755
/usr/sbin/unix2_chkpwd root:shadow 4755
@@ -336,7 +338,4 @@
/usr/bin/isdnctrl root:dialout 4750
/usr/sbin/pccardctl root:trusted 4755
/usr/bin/pccardctl root:trusted 4755
-/usr/bin/ping root:root 4755
- +capabilities cap_net_raw=ep
-/usr/bin/ping6 root:root 4755
- +capabilities cap_net_raw=ep
+
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.10.15.1348/permissions.paranoid
new/permissions-2012.11.27.1640/permissions.paranoid
--- old/permissions-2012.10.15.1348/permissions.paranoid 2012-10-15
13:48:16.000000000 +0200
+++ new/permissions-2012.11.27.1640/permissions.paranoid 2012-11-27
16:40:51.000000000 +0100
@@ -73,7 +73,7 @@
/sbin/mount.nfs root:root 0755
/bin/mount root:root 0755
/bin/umount root:root 0755
-/bin/eject root:audio 0755
+/usr/bin/eject root:audio 0750
#
# #133657
/usr/bin/fusermount root:trusted 0755
@@ -160,8 +160,8 @@
#
# networking (need root for the privileged socket)
#
-/bin/ping root:root 0755
-/bin/ping6 root:root 0755
+/usr/bin/ping root:root 0755
+/usr/bin/ping6 root:root 0755
# mtr is linked against ncurses.
/usr/sbin/mtr root:dialout 0755
/usr/bin/rcp root:root 0755
@@ -324,11 +324,14 @@
/usr/sbin/hawk_invoke root:haclient 0755
# chromium (bnc#718016)
-/usr/lib/chrome_sandbox root:root
0755
+/usr/lib/chrome_sandbox root:root 0755
# ecryptfs-utils (bnc#740110)
/sbin/mount.ecryptfs_private root:root 0755
+# wireshark (not yet)
+/usr/bin/dumpcap root:root 0755
+
#
# XXX: / -> /usr merge and sbin -> bin merge
# XXX: duplicated entries need to be cleaned up before 12.2
@@ -339,7 +342,6 @@
/usr/bin/mount.nfs root:root 0755
/usr/bin/mount root:root 0755
/usr/bin/umount root:root 0755
-/usr/bin/eject root:audio 0750
/usr/sbin/unix_chkpwd root:shadow 0755
/usr/bin/unix_chkpwd root:shadow 0755
/usr/sbin/unix2_chkpwd root:shadow 0755
@@ -348,5 +350,3 @@
/usr/bin/isdnctrl root:dialout 0755
/usr/sbin/pccardctl root:trusted 0755
/usr/bin/pccardctl root:trusted 0755
-/usr/bin/ping root:root 0755
-/usr/bin/ping6 root:root 0755
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.10.15.1348/permissions.secure
new/permissions-2012.11.27.1640/permissions.secure
--- old/permissions-2012.10.15.1348/permissions.secure 2012-10-15
13:48:16.000000000 +0200
+++ new/permissions-2012.11.27.1640/permissions.secure 2012-11-27
16:40:51.000000000 +0100
@@ -96,7 +96,7 @@
/sbin/mount.nfs root:root 0755
/bin/mount root:root 4755
/bin/umount root:root 4755
-/bin/eject root:audio 4750
+/usr/bin/eject root:audio 4750
#
# #133657
/usr/bin/fusermount root:trusted 4750
@@ -182,9 +182,9 @@
#
# networking (need root for the privileged socket)
#
-/bin/ping root:root 4755
+/usr/bin/ping root:root 4755
+capabilities cap_net_raw=ep
-/bin/ping6 root:root 4755
+/usr/bin/ping6 root:root 4755
+capabilities cap_net_raw=ep
# mtr is linked against ncurses. no suid bit, for root only:
/usr/sbin/mtr root:dialout 0755
@@ -355,6 +355,9 @@
# ecryptfs-utils (bnc#740110)
/sbin/mount.ecryptfs_private root:root 0755
+# wireshark (not yet)
+/usr/bin/dumpcap root:root 0755
+
#
# XXX: / -> /usr merge and sbin -> bin merge
# XXX: duplicated entries need to be cleaned up before 12.2
@@ -365,7 +368,6 @@
/usr/bin/mount.nfs root:root 0755
/usr/bin/mount root:root 4755
/usr/bin/umount root:root 4755
-/usr/bin/eject root:audio 4750
/usr/sbin/unix_chkpwd root:shadow 4755
/usr/bin/unix_chkpwd root:shadow 4755
/usr/sbin/unix2_chkpwd root:shadow 4755
@@ -374,7 +376,3 @@
/usr/bin/isdnctrl root:dialout 4750
/usr/sbin/pccardctl root:trusted 4750
/usr/bin/pccardctl root:trusted 4750
-/usr/bin/ping root:root 4755
- +capabilities cap_net_raw=ep
-/usr/bin/ping6 root:root 4755
- +capabilities cap_net_raw=ep
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/permissions-2012.10.15.1348/sysconfig.security
new/permissions-2012.11.27.1640/sysconfig.security
--- old/permissions-2012.10.15.1348/sysconfig.security 2012-10-15
13:48:16.000000000 +0200
+++ new/permissions-2012.11.27.1640/sysconfig.security 2012-11-27
16:40:51.000000000 +0100
@@ -8,3 +8,11 @@
#
PERMISSION_SECURITY="easy local"
+## Description: Use filesystem capabilities for more finegrained permission
handling
+## Type: yesno
+## Default: "yes"
+#
+# Flag whether to use filesystem capabilities for finegrained
+# access control (compared to setuid) or not.
+#
+PERMISSION_FSCAPS=""
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
