Author: jsuchome
Date: Fri Sep 16 10:40:20 2011
New Revision: 65732
URL: http://svn.opensuse.org/viewcvs/yast?rev=65732&view=rev
Log:
- added option to tune system hibernation rights (bnc#704997)
- 2.21.3
Modified:
trunk/security/VERSION
trunk/security/package/yast2-security.changes
trunk/security/src/Security.ycp
trunk/security/src/dialogs.ycp
trunk/security/src/helps.ycp
trunk/security/src/levels.ycp
trunk/security/src/widgets.ycp
trunk/security/testsuite/tests/Import.out
trunk/security/testsuite/tests/Read.out
trunk/security/testsuite/tests/Read.ycp
trunk/security/testsuite/tests/Write.ycp
Modified: trunk/security/VERSION
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/VERSION?rev=65732&r1=65731&r2=65732&view=diff
==============================================================================
--- trunk/security/VERSION (original)
+++ trunk/security/VERSION Fri Sep 16 10:40:20 2011
@@ -1 +1 @@
-2.21.2
+2.21.3
Modified: trunk/security/package/yast2-security.changes
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/package/yast2-security.changes?rev=65732&r1=65731&r2=65732&view=diff
==============================================================================
--- trunk/security/package/yast2-security.changes (original)
+++ trunk/security/package/yast2-security.changes Fri Sep 16 10:40:20 2011
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Fri Sep 16 10:38:59 CEST 2011 - jsuchome@suse.cz
+
+- added option to tune system hibernation rights (bnc#704997)
+- 2.21.3
+
+-------------------------------------------------------------------
Thu Sep 8 15:43:35 CEST 2011 - jsuchome@suse.cz
- sysctl settings now in /etc/sysctl.conf (bnc#714405)
Modified: trunk/security/src/Security.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/Security.ycp?rev=65732&r1=65731&r2=65732&view=diff
==============================================================================
--- trunk/security/src/Security.ycp (original)
+++ trunk/security/src/Security.ycp Fri Sep 16 10:40:20 2011
@@ -121,6 +121,7 @@
"GID_MAX" : "60000",
"GID_MIN" : "1000",
"DISPLAYMANAGER_SHUTDOWN" : "all",
+ "HIBERNATE_SYSTEM" : "active_console",
"LASTLOG_ENAB" : "yes",
"PASSWD_ENCRYPTION" : "sha512",
"GROUP_ENCRYPTION" : "md5",
@@ -228,6 +229,10 @@
"net.ipv6.conf.all.forwarding" : "0"
];
+/**
+ * Mapping of /etc/sysctl.conf keys to old (obsoleted) sysconfig ones
+ * (used during autoYaST import
+ */
map sysctl2sysconfig = $[
"kernel.sysrq" : "ENABLE_SYSRQ",
"net.ipv4.tcp_syncookies" : "IP_TCP_SYNCOOKIES",
@@ -235,6 +240,16 @@
"net.ipv6.conf.all.forwarding" : "IPV6_FORWARD"
];
+/**
+ * mapping of internal YaST values to values needed for
+ * org.freedesktop.upower.hibernate privilege
+ */
+map ycp2polkit = $[
+ "active_console" : "auth_admin:auth_admin:yes",
+ "auth_admin" : "auth_admin:auth_admin:auth_admin",
+ "anyone" : "yes:yes:yes"
+];
+
/*
* Remaining settings:
* - CONSOLE_SHUTDOWN (/etc/inittab)
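Review bot: The comment on `ycp2polkit` does not say what the three colon-separated fields mean, so a reader cannot tell which sessions each entry relaxes. In polkit-default-privs the order is any session, inactive local session, active local session; I would add `* value format: <any>:<inactive>:<active>` to the comment. With that stated, it becomes visible that `"anyone"` also lets non-local sessions hibernate without authentication, which deserves a word in the comment.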
@@ -438,6 +453,19 @@
Settings["PERMISSION_SECURITY"] = perm;
y2debug("Settings=%1", Settings);
+ // read local polkit settings
+ string action = "org.freedesktop.upower.hibernate";
+ string hibernate = (string) SCR::Read (add (.etc.polkit-default-privs_local, action));
+ if (hibernate != nil)
+ {
+ Settings["HIBERNATE_SYSTEM"] = "active_console";
+ if (hibernate == "auth_admin:auth_admin:auth_admin")
+ Settings["HIBERNATE_SYSTEM"] = "auth_admin";
+ if (hibernate == "yes:yes:yes")
+ Settings["HIBERNATE_SYSTEM"] = "anyone";
+ }
+ y2debug ("HIBERNATE_SYSTEM: %1", Settings["HIBERNATE_SYSTEM"]:"");
+
// read sysctl.conf
foreach (string key, string default_value, sysctl, {
string val = (string) SCR::Read (add (.etc.sysctl_conf, key));
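Review bot: Every value other than the two compared literals is reported as `active_console`, so a stricter or custom local entry is shown in the dialog as the default. The literals also duplicate `ycp2polkit`; looking the value up in that map and logging the unmatched case, e.g. `y2warning ("unrecognized hibernate privilege %1", hibernate);`, would keep read and write in step. When `hibernate` is nil the setting keeps its `active_console` default, which presumably can differ from the privilege that is actually in effect. The test mock in Read.ycp returns `"r12"`, so only this fallback path is exercised. The enclosing function starts and ends outside the hunk.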
@@ -580,6 +608,16 @@
PamSettings::Write (false);
+ // write local polkit settings
+ if (Settings["HIBERNATE_SYSTEM"]:"" != Settings_bak["HIBERNATE_SYSTEM"]:"")
+ {
+ // allow writing any value (different from predefined ones)
+ string ycp_value= Settings["HIBERNATE_SYSTEM"]:"active_console";
+ string hibernate= ycp2polkit[ycp_value]:ycp_value;
+ string action = "org.freedesktop.upower.hibernate";
+ SCR::Write (add (.etc.polkit-default-privs_local, action), hibernate);
+ }
+
// write sysctl.conf
foreach (string key, string default_value, sysctl, {
string val = Settings[key]:default_value;
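Review bot: The fallback `ycp2polkit[ycp_value]:ycp_value` writes whatever string is in `Settings["HIBERNATE_SYSTEM"]` into the local polkit privileges file, so an imported profile can set an arbitrary privilege string for this action. Unless that is required, reject unknown keys first, e.g. `if (!haskey (ycp2polkit, ycp_value)) ycp_value = "active_console";`, or validate the triple before writing. Nothing in the visible lines re-applies the privileges after `SCR::Write` (on SUSE this is normally done by running `set_polkit_default_privs`), so a tightened setting may not take effect immediately. The function continues outside the hunk, so this may be handled there.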
Modified: trunk/security/src/dialogs.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/dialogs.ycp?rev=65732&r1=65731&r2=65732&view=diff
==============================================================================
--- trunk/security/src/dialogs.ycp (original)
+++ trunk/security/src/dialogs.ycp Fri Sep 16 10:40:20 2011
@@ -525,6 +525,8 @@
settings2widget("CONSOLE_SHUTDOWN"),
`VSpacing(1.0),
settings2widget("DISPLAYMANAGER_SHUTDOWN"),
+ `VSpacing(1.0),
+ settings2widget("HIBERNATE_SYSTEM"),
`VSpacing(1)
),
`HSpacing(3)
@@ -576,6 +578,7 @@
if(ret == `next || contains(tree_dialogs, ret)) {
widget2settings("CONSOLE_SHUTDOWN");
widget2settings("DISPLAYMANAGER_SHUTDOWN");
+ widget2settings("HIBERNATE_SYSTEM");
}
return ret;
Modified: trunk/security/src/helps.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/helps.ycp?rev=65732&r1=65731&r2=65732&view=diff
==============================================================================
--- trunk/security/src/helps.ycp (original)
+++ trunk/security/src/helps.ycp Fri Sep 16 10:40:20 2011
@@ -37,11 +37,11 @@
Abort the save procedure by pressing <b>Abort</b>.</p>"),
- /* Boot dialog help 1/3 */
+ /* Boot dialog help 1/4 */
"boot" : _("<p><b><big>Boot Security</big></b></p>
<p>In this dialog, change various boot settings related to security.</p>") +
- /* Boot dialog help 2/3 */
+ /* Boot dialog help 2/4 */
_("<p><b>Interpretation of Ctrl + Alt + Del</b>:
Configure what the system should do in response to
someone at the console pressing the CTRL + ALT + DEL key
@@ -49,9 +49,15 @@
to ignore this event, for example, when the system serves as both
workstation and server.</p>") +
- /* Boot dialog help 3/3 */
+ /* Boot dialog help 3/4 */
_("<p><b>Shutdown Behaviour of Login Manager</b>:
Set who is allowed to shut down the machine from KDM.</p>
+") +
+
+ // Boot dialog help 4/4
+ _("<p><b>Hibernate System</b>:
+Set the conditions for allowing users to hibernate the system. By default, user on active console has such right.
+Other options are allowing the action to any user or requiring authentication in all cases.</p>
"),
Modified: trunk/security/src/levels.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/levels.ycp?rev=65732&r1=65731&r2=65732&view=diff
==============================================================================
--- trunk/security/src/levels.ycp (original)
+++ trunk/security/src/levels.ycp Fri Sep 16 10:40:20 2011
@@ -65,6 +65,7 @@
"GID_MAX" : "60000",
"GID_MIN" : "1000",
"DISPLAYMANAGER_SHUTDOWN" : "all",
+ "HIBERNATE_SYSTEM" : "active_console",
"LASTLOG_ENAB" : "yes",
"PASSWD_ENCRYPTION" : "sha512",
"PASSWD_USE_CRACKLIB" : "yes",
@@ -107,6 +108,7 @@
"GID_MAX" : "60000",
"GID_MIN" : "1000",
"DISPLAYMANAGER_SHUTDOWN" : "root",
+ "HIBERNATE_SYSTEM" : "active_console",
"LASTLOG_ENAB" : "yes",
"PASSWD_ENCRYPTION" : "sha512",
"PASSWD_USE_CRACKLIB" : "yes",
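Review bot: `HIBERNATE_SYSTEM` is `active_console` in this level and in the hunk at -149 as well, although both already tighten `DISPLAYMANAGER_SHUTDOWN` to `root`. Hibernation writes memory contents to disk, so the stricter levels would presumably want `"HIBERNATE_SYSTEM" : "auth_admin",`; if keeping the default is intentional, a short comment saying why would help. The level maps start outside the hunks, so which level each one is cannot be confirmed from here.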
@@ -149,6 +151,7 @@
"GID_MAX" : "60000",
"GID_MIN" : "1000",
"DISPLAYMANAGER_SHUTDOWN" : "root",
+ "HIBERNATE_SYSTEM" : "active_console",
"LASTLOG_ENAB" : "yes",
"PASSWD_ENCRYPTION" : "sha512",
"PASSWD_USE_CRACKLIB" : "yes",
Modified: trunk/security/src/widgets.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/src/widgets.ycp?rev=65732&r1=65731&r2=65732&view=diff
==============================================================================
--- trunk/security/src/widgets.ycp (original)
+++ trunk/security/src/widgets.ycp Fri Sep 16 10:40:20 2011
@@ -160,6 +160,21 @@
"Value" : "all"
],
+ "HIBERNATE_SYSTEM" : $[
+ "Widget" : "ComboBox",
+ // ComboBox label
+ "Label" : _("System Hybernation"),
+ "Options" : [
+ // ComboBox value
+ ["active_console", _("User on the active console")],
+ // ComboBox value
+ ["anyone", _("Anyone can hibernate")],
+ // ComboBox value
+ ["auth_admin", _("Authentication always required")],
+ ],
+ "Value" : "active_console"
+ ],
+
"LASTLOG_ENAB" : $[
"Widget" : "CheckBox",
/* CheckBox label */
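Review bot: The ComboBox label is misspelled: `_("System Hybernation")` should be `_("System Hibernation")`. It is a translatable string, so fixing it before translators pick it up avoids invalidating translations later. The help text in helps.ycp uses "Hibernate System" for the same setting; the two could be aligned.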
Modified: trunk/security/testsuite/tests/Import.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Import.out?rev=65732&r1=65731&r2=65732&view=diff
==============================================================================
--- trunk/security/testsuite/tests/Import.out (original)
+++ trunk/security/testsuite/tests/Import.out Fri Sep 16 10:40:20 2011
@@ -1,2 +1,2 @@
Return true
-Dump $["CONSOLE_SHUTDOWN":"reboot", "CRACKLIB_DICT_PATH":"/usr/lib/cracklib_dict", "CWD_IN_ROOT_PATH":"r2", "CWD_IN_USER_PATH":"r2s", "DISABLE_RESTART_ON_UPDATE":"r13", "DISABLE_STOP_ON_REMOVAL":"r14", "DISPLAYMANAGER_REMOTE_ACCESS":"r4", "DISPLAYMANAGER_ROOT_LOGIN_REMOTE":"r16", "DISPLAYMANAGER_SHUTDOWN":"r3", "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN":"r17", "FAIL_DELAY":"l2", "GID_MAX":"l3", "GID_MIN":"l4", "GROUP_ENCRYPTION":"md5", "LASTLOG_ENAB":"l5", "PASSWD_ENCRYPTION":"sha512", "PASSWD_REMEMBER_HISTORY":"0", "PASSWD_USE_CRACKLIB":"yes", "PASS_MAX_DAYS":"l7", "PASS_MIN_DAYS":"l9", "PASS_MIN_LEN":"l10", "PASS_WARN_AGE":"l11", "PERMISSION_SECURITY":"r5", "RUNLEVEL3_EXTRA_SERVICES":"no", "RUNLEVEL3_MANDATORY_SERVICES":"yes", "RUNLEVEL5_EXTRA_SERVICES":"no", "RUNLEVEL5_MANDATORY_SERVICES":"yes", "RUN_UPDATEDB_AS":"r7", "SMTPD_LISTEN_REMOTE":"no", "SYSLOG_ON_NO_ERROR":"yes", "SYSTEM_GID_MAX":"l16", "SYSTEM_GID_MIN":"l17", "SYSTEM_UID_MAX":"l14", "SYSTEM_UID_MIN":"l15", "S
YSTOHC":"yes", "UID_MAX":"l12", "UID_MIN":"l13", "USERADD_CMD":"l18", "USERDEL_POSTCMD":"l20", "USERDEL_PRECMD":"l19", "kernel.sysrq":"1", "net.ipv4.ip_forward":"0", "net.ipv4.tcp_syncookies":"1", "net.ipv6.conf.all.forwarding":"1"]
+Dump $["CONSOLE_SHUTDOWN":"reboot", "CRACKLIB_DICT_PATH":"/usr/lib/cracklib_dict", "CWD_IN_ROOT_PATH":"r2", "CWD_IN_USER_PATH":"r2s", "DISABLE_RESTART_ON_UPDATE":"r13", "DISABLE_STOP_ON_REMOVAL":"r14", "DISPLAYMANAGER_REMOTE_ACCESS":"r4", "DISPLAYMANAGER_ROOT_LOGIN_REMOTE":"r16", "DISPLAYMANAGER_SHUTDOWN":"r3", "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN":"r17", "FAIL_DELAY":"l2", "GID_MAX":"l3", "GID_MIN":"l4", "GROUP_ENCRYPTION":"md5", "HIBERNATE_SYSTEM":"active_console", "LASTLOG_ENAB":"l5", "PASSWD_ENCRYPTION":"sha512", "PASSWD_REMEMBER_HISTORY":"0", "PASSWD_USE_CRACKLIB":"yes", "PASS_MAX_DAYS":"l7", "PASS_MIN_DAYS":"l9", "PASS_MIN_LEN":"l10", "PASS_WARN_AGE":"l11", "PERMISSION_SECURITY":"r5", "RUNLEVEL3_EXTRA_SERVICES":"no", "RUNLEVEL3_MANDATORY_SERVICES":"yes", "RUNLEVEL5_EXTRA_SERVICES":"no", "RUNLEVEL5_MANDATORY_SERVICES":"yes", "RUN_UPDATEDB_AS":"r7", "SMTPD_LISTEN_REMOTE":"no", "SYSLOG_ON_NO_ERROR":"yes", "SYSTEM_GID_MAX":"l16", "SYSTEM_GID_MIN":"l17", "SYSTEM_UID_M
AX":"l14", "SYSTEM_UID_MIN":"l15", "SYSTOHC":"yes", "UID_MAX":"l12", "UID_MIN":"l13", "USERADD_CMD":"l18", "USERDEL_POSTCMD":"l20", "USERDEL_PRECMD":"l19", "kernel.sysrq":"1", "net.ipv4.ip_forward":"0", "net.ipv4.tcp_syncookies":"1", "net.ipv6.conf.all.forwarding":"1"]
Modified: trunk/security/testsuite/tests/Read.out
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Read.out?rev=65732&r1=65731&r2=65732&view=diff
==============================================================================
--- trunk/security/testsuite/tests/Read.out (original)
+++ trunk/security/testsuite/tests/Read.out Fri Sep 16 10:40:20 2011
@@ -47,6 +47,7 @@
Read .etc.default.passwd.crypt "md5"
Execute .target.bash_output "/usr/sbin/pam-config -q --cracklib" $[]
Execute .target.bash_output "/usr/sbin/pam-config -q --pwhistory" $[]
+Read .etc.polkit-default-privs_local."org.freedesktop.upower.hibernate" "r12"
Read .etc.sysctl_conf."kernel.sysrq" "r8"
Read .etc.sysctl_conf."net.ipv4.ip_forward" "r10"
Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" "r9"
Modified: trunk/security/testsuite/tests/Read.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Read.ycp?rev=65732&r1=65731&r2=65732&view=diff
==============================================================================
--- trunk/security/testsuite/tests/Read.ycp (original)
+++ trunk/security/testsuite/tests/Read.ycp Fri Sep 16 10:40:20 2011
@@ -82,6 +82,9 @@
"net.ipv4.ip_forward" : "r10",
"net.ipv6.conf.all.forwarding" : "r11",
],
+ "polkit-default-privs_local" : $[
+ "org.freedesktop.upower.hibernate" : "r12"
+ ],
],
"target" : $[ "size" : 1 ],
"pam" : $[ "passwd" : $[ "password" : $[
Modified: trunk/security/testsuite/tests/Write.ycp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/security/testsuite/tests/Write.ycp?rev=65732&r1=65731&r2=65732&view=diff
==============================================================================
--- trunk/security/testsuite/tests/Write.ycp (original)
+++ trunk/security/testsuite/tests/Write.ycp Fri Sep 16 10:40:20 2011
@@ -58,6 +58,7 @@
"SMTPD_LISTEN_REMOTE" : "r18",
"DHCPD_RUN_CHROOTED" : "r19",
"DHCPD_RUN_AS" : "r20",
+ "HIBERNATE_SYSTEM" : "r21"
];
map E = $[
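Review bot: The new write path is not pinned by an expected-output change: the commit's file list contains Write.ycp but no Write.out, so the `SCR::Write` to `.etc.polkit-default-privs_local` is either not reached with `"r21"` or not asserted. A case where the setting differs from the value read, with the expected write line added to Write.out, would cover it. The map this entry is added to starts outside the hunk.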