[Bug 1133843] New: AUDIT-0: systemd: Please review the new DBUS methods brought by systemd v242
http://bugzilla.suse.com/show_bug.cgi?id=1133843 Bug ID: 1133843 Summary: AUDIT-0: systemd: Please review the new DBUS methods brought by systemd v242 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: fbui@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Hello Secteam, Could you review the following DBUS methods so we can upgrade Factory with the latest version of systemd v242 ? org.freedesktop.login1.set-reboot-parameter org.freedesktop.login1.set-reboot-to-boot-loader-entry org.freedesktop.login1.set-reboot-to-boot-loader-menu You can find the default policies shipped by upstream here: https://github.com/systemd/systemd/blob/v242/src/login/org.freedesktop.login... Thanks. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1133843 http://bugzilla.suse.com/show_bug.cgi?id=1133843#c1 Matthias Gerstner <matthias.gerstner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |matthias.gerstner@suse.com --- Comment #1 from Matthias Gerstner <matthias.gerstner@suse.com> --- Thank you for opening the review bug. We will schedule the review. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1133843 http://bugzilla.suse.com/show_bug.cgi?id=1133843#c2 Johannes Segitz <jsegitz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsegitz@suse.com Assignee|security-team@suse.de |jsegitz@suse.com --- Comment #2 from Johannes Segitz <jsegitz@suse.com> --- I'll work on this one -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1133843 http://bugzilla.suse.com/show_bug.cgi?id=1133843#c3 Johannes Segitz <jsegitz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #3 from Johannes Segitz <jsegitz@suse.com> --- we can whitelist this. I don't like how they handle the size calculations in efi_set_variable, but that's a minor point. I'll add the entries -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1133843 http://bugzilla.suse.com/show_bug.cgi?id=1133843#c4 Johannes Segitz <jsegitz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #4 from Johannes Segitz <jsegitz@suse.com> --- submitted updated whitelists. Please reopen if you need it in other products than Factory -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1133843 http://bugzilla.suse.com/show_bug.cgi?id=1133843#c5 --- Comment #5 from Franck Bui <fbui@suse.com> --- Thanks Johannes. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1133843 http://bugzilla.suse.com/show_bug.cgi?id=1133843#c6 --- Comment #6 from Johannes Segitz <jsegitz@suse.com> --- I played around with this a little bit more and I think the upstream settings <allow_any>auth_admin_keep</allow_any> <allow_inactive>auth_admin_keep</allow_inactive> <allow_active>yes</allow_active> are to lax. I'll set it to auth_admin_keep for all users. This should be a rather rare operation, so I don't expect that users are inconvenienced -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1133843 http://bugzilla.suse.com/show_bug.cgi?id=1133843#c7 --- Comment #7 from Swamp Workflow Management <swamp@suse.de> --- This is an autogenerated message for OBS integration: This bug (1133843) was mentioned in https://build.opensuse.org/request/show/704265 Factory / polkit-default-privs -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com