Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2013-06-13 20:27:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "permissions" Changes: -------- --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2013-05-13 15:12:06.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2013-06-13 20:27:17.000000000 +0200 @@ -1,0 +2,12 @@ +Wed Jun 12 11:10:18 UTC 2013 - [email protected] + +- utempter helper binary moved in new version to /usr/lib/utempter/utempter (bnc#823302) + +------------------------------------------------------------------- +Mon Jun 10 09:46:15 UTC 2013 - [email protected] + +- cdrtools: allow some filesystem capabilities for more stable CD/DVD + burning in "easy" mode. (bnc#550021) (cap_sys_nice, cap_sys_rawio, + cap_sys_resource, cap_ipc_lock) + +------------------------------------------------------------------- Old: ---- permissions-2013.05.08.1626.tar.bz2 New: ---- permissions-2013.06.12.1309.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ permissions.spec ++++++ --- /var/tmp/diff_new_pack.9sWKdV/_old 2013-06-13 20:27:18.000000000 +0200 +++ /var/tmp/diff_new_pack.9sWKdV/_new 2013-06-13 20:27:18.000000000 +0200 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version: 2013.05.08.1626 +Version: 2013.06.12.1309 Release: 0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++++++ permissions-2013.05.08.1626.tar.bz2 -> permissions-2013.06.12.1309.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.08.1626/permissions new/permissions-2013.06.12.1309/permissions --- old/permissions-2013.05.08.1626/permissions 2013-05-08 16:26:23.000000000 +0200 +++ new/permissions-2013.06.12.1309/permissions 2013-06-12 13:09:16.000000000 +0200 @@ -122,6 +122,7 @@ # utempter /usr/sbin/utempter root:utmp 2755 +/usr/lib/utempter/utempter root:utmp 2755 # ensure correct permissions on ssh files to avoid sshd refusing # logins (bnc#398250) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.08.1626/permissions.easy new/permissions-2013.06.12.1309/permissions.easy --- old/permissions-2013.05.08.1626/permissions.easy 2013-05-08 16:26:23.000000000 +0200 +++ new/permissions-2013.06.12.1309/permissions.easy 2013-06-12 13:09:16.000000000 +0200 @@ -347,8 +347,10 @@ /usr/bin/pccardctl root:trusted 4755 # cdrecord of cdrtools from Joerg Schilling (bnc#550021) -# not allowed setuid root or any capabilities unless audit bug is resolved -# leave it disabled until it is in the distro to allow their overrides -#/usr/bin/cdrecord root:root 755 -#/usr/bin/readcd root:root 755 -#/usr/bin/cdda2wav root:root 755 +# Please note that additional capabilities are provided only for reliable +# CD/DVD burning and do not cover all use-cases of cdrecord. +/usr/bin/cdrecord root:root 755 + +capabilities cap_sys_resource,cap_sys_nice,cap_ipc_lock,cap_sys_rawio=ep +# no special privileges are needed for cd reading. +/usr/bin/readcd root:root 755 +/usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.08.1626/permissions.paranoid new/permissions-2013.06.12.1309/permissions.paranoid --- old/permissions-2013.05.08.1626/permissions.paranoid 2013-05-08 16:26:23.000000000 +0200 +++ new/permissions-2013.06.12.1309/permissions.paranoid 2013-06-12 13:09:16.000000000 +0200 @@ -359,7 +359,8 @@ /usr/bin/pccardctl root:trusted 0755 # cdrecord of cdrtools from Joerg Schilling (bnc#550021) -# not allowed setuid root or any capabilities unless audit bug is resolved +# in paranoid mode, no provisions are made for reliable cd burning, as admins +# will have very likely prohibited that anyway. /usr/bin/cdrecord root:root 755 /usr/bin/readcd root:root 755 /usr/bin/cdda2wav root:root 755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2013.05.08.1626/permissions.secure new/permissions-2013.06.12.1309/permissions.secure --- old/permissions-2013.05.08.1626/permissions.secure 2013-05-08 16:26:23.000000000 +0200 +++ new/permissions-2013.06.12.1309/permissions.secure 2013-06-12 13:09:16.000000000 +0200 @@ -386,8 +386,8 @@ /usr/bin/pccardctl root:trusted 4750 # cdrecord of cdrtools from Joerg Schilling (bnc#550021) -# not allowed setuid root or any capabilities unless audit bug is resolved -# leave it out until it is in the distro -#/usr/bin/cdrecord root:root 755 -#/usr/bin/readcd root:root 755 -#/usr/bin/cdda2wav root:root 755 +# in secure mode, no provisions are made for reliable cd burning, as admins +# will have very likely prohibited that anyway. +/usr/bin/cdrecord root:root 755 +/usr/bin/readcd root:root 755 +/usr/bin/cdda2wav root:root 755 -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
