Hello community, here is the log from the commit of package permissions for openSUSE:Factory checked in at 2012-12-03 11:17:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/permissions (Old) and /work/SRC/openSUSE:Factory/.permissions.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "permissions", Maintainer is "meissner@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/permissions/permissions.changes 2012-11-22 17:02:38.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.permissions.new/permissions.changes 2012-12-03 11:18:01.000000000 +0100 @@ -1,0 +2,8 @@ +Tue Nov 27 15:41:16 UTC 2012 - meissner@suse.com + +- add /usr/bin/dumpcap to watchlist +- make fscaps=1 the default on "" +- added PERMISSION_FSCAPS to the sysconfig/security fillup template. +- /bin/ping(6) was moved to /usr/bin/ping(6) /bin/eject was moved to /usr/bin/eject + +------------------------------------------------------------------- Old: ---- permissions-2012.10.15.1348.tar.bz2 New: ---- permissions-2012.11.27.1640.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ permissions.spec ++++++ --- /var/tmp/diff_new_pack.1VZ9KD/_old 2012-12-03 11:18:02.000000000 +0100 +++ /var/tmp/diff_new_pack.1VZ9KD/_new 2012-12-03 11:18:02.000000000 +0100 @@ -20,7 +20,7 @@ BuildRequires: libcap-devel Name: permissions -Version: 2012.10.15.1348 +Version: 2012.11.27.1640 Release: 0 Provides: aaa_base:/etc/permissions PreReq: %fillup_prereq ++++++ permissions-2012.10.15.1348.tar.bz2 -> permissions-2012.11.27.1640.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.10.15.1348/chkstat.c new/permissions-2012.11.27.1640/chkstat.c --- old/permissions-2012.10.15.1348/chkstat.c 2012-10-15 13:48:16.000000000 +0200 +++ new/permissions-2012.11.27.1640/chkstat.c 2012-11-27 16:40:51.000000000 +0100 @@ -298,7 +298,8 @@ p+=2; if (isquote(*p) || !*p) have_fscaps=0; - } + } else + have_fscaps=1; /* default */ } } fclose(fp); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.10.15.1348/permissions.easy new/permissions-2012.11.27.1640/permissions.easy --- old/permissions-2012.10.15.1348/permissions.easy 2012-10-15 13:48:16.000000000 +0200 +++ new/permissions-2012.11.27.1640/permissions.easy 2012-11-27 16:40:51.000000000 +0100 @@ -58,7 +58,7 @@ /sbin/mount.nfs root:root 4755 /bin/mount root:root 4755 /bin/umount root:root 4755 -/bin/eject root:audio 4755 +/usr/bin/eject root:audio 4755 # # #133657 /usr/bin/fusermount root:trusted 4755 @@ -144,9 +144,9 @@ # # networking (need root for the privileged socket) # -/bin/ping root:root 4755 +/usr/bin/ping root:root 4755 +capabilities cap_net_raw=ep -/bin/ping6 root:root 4755 +/usr/bin/ping6 root:root 4755 +capabilities cap_net_raw=ep # mtr is linked against ncurses. For dialout only. /usr/sbin/mtr root:dialout 4750 @@ -312,11 +312,14 @@ /usr/sbin/hawk_invoke root:haclient 4750 # chromium (bnc#718016) -/usr/lib/chrome_sandbox root:root 4755 +/usr/lib/chrome_sandbox root:root 4755 # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_private root:root 4755 +# wireshark (not yet) +/usr/bin/dumpcap root:root 0755 + # # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 @@ -327,7 +330,6 @@ /usr/bin/mount.nfs root:root 4755 /usr/bin/mount root:root 4755 /usr/bin/umount root:root 4755 -/usr/bin/eject root:audio 4755 /usr/sbin/unix_chkpwd root:shadow 4755 /usr/bin/unix_chkpwd root:shadow 4755 /usr/sbin/unix2_chkpwd root:shadow 4755 @@ -336,7 +338,4 @@ /usr/bin/isdnctrl root:dialout 4750 /usr/sbin/pccardctl root:trusted 4755 /usr/bin/pccardctl root:trusted 4755 -/usr/bin/ping root:root 4755 - +capabilities cap_net_raw=ep -/usr/bin/ping6 root:root 4755 - +capabilities cap_net_raw=ep + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.10.15.1348/permissions.paranoid new/permissions-2012.11.27.1640/permissions.paranoid --- old/permissions-2012.10.15.1348/permissions.paranoid 2012-10-15 13:48:16.000000000 +0200 +++ new/permissions-2012.11.27.1640/permissions.paranoid 2012-11-27 16:40:51.000000000 +0100 @@ -73,7 +73,7 @@ /sbin/mount.nfs root:root 0755 /bin/mount root:root 0755 /bin/umount root:root 0755 -/bin/eject root:audio 0755 +/usr/bin/eject root:audio 0750 # # #133657 /usr/bin/fusermount root:trusted 0755 @@ -160,8 +160,8 @@ # # networking (need root for the privileged socket) # -/bin/ping root:root 0755 -/bin/ping6 root:root 0755 +/usr/bin/ping root:root 0755 +/usr/bin/ping6 root:root 0755 # mtr is linked against ncurses. /usr/sbin/mtr root:dialout 0755 /usr/bin/rcp root:root 0755 @@ -324,11 +324,14 @@ /usr/sbin/hawk_invoke root:haclient 0755 # chromium (bnc#718016) -/usr/lib/chrome_sandbox root:root 0755 +/usr/lib/chrome_sandbox root:root 0755 # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_private root:root 0755 +# wireshark (not yet) +/usr/bin/dumpcap root:root 0755 + # # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 @@ -339,7 +342,6 @@ /usr/bin/mount.nfs root:root 0755 /usr/bin/mount root:root 0755 /usr/bin/umount root:root 0755 -/usr/bin/eject root:audio 0750 /usr/sbin/unix_chkpwd root:shadow 0755 /usr/bin/unix_chkpwd root:shadow 0755 /usr/sbin/unix2_chkpwd root:shadow 0755 @@ -348,5 +350,3 @@ /usr/bin/isdnctrl root:dialout 0755 /usr/sbin/pccardctl root:trusted 0755 /usr/bin/pccardctl root:trusted 0755 -/usr/bin/ping root:root 0755 -/usr/bin/ping6 root:root 0755 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.10.15.1348/permissions.secure new/permissions-2012.11.27.1640/permissions.secure --- old/permissions-2012.10.15.1348/permissions.secure 2012-10-15 13:48:16.000000000 +0200 +++ new/permissions-2012.11.27.1640/permissions.secure 2012-11-27 16:40:51.000000000 +0100 @@ -96,7 +96,7 @@ /sbin/mount.nfs root:root 0755 /bin/mount root:root 4755 /bin/umount root:root 4755 -/bin/eject root:audio 4750 +/usr/bin/eject root:audio 4750 # # #133657 /usr/bin/fusermount root:trusted 4750 @@ -182,9 +182,9 @@ # # networking (need root for the privileged socket) # -/bin/ping root:root 4755 +/usr/bin/ping root:root 4755 +capabilities cap_net_raw=ep -/bin/ping6 root:root 4755 +/usr/bin/ping6 root:root 4755 +capabilities cap_net_raw=ep # mtr is linked against ncurses. no suid bit, for root only: /usr/sbin/mtr root:dialout 0755 @@ -355,6 +355,9 @@ # ecryptfs-utils (bnc#740110) /sbin/mount.ecryptfs_private root:root 0755 +# wireshark (not yet) +/usr/bin/dumpcap root:root 0755 + # # XXX: / -> /usr merge and sbin -> bin merge # XXX: duplicated entries need to be cleaned up before 12.2 @@ -365,7 +368,6 @@ /usr/bin/mount.nfs root:root 0755 /usr/bin/mount root:root 4755 /usr/bin/umount root:root 4755 -/usr/bin/eject root:audio 4750 /usr/sbin/unix_chkpwd root:shadow 4755 /usr/bin/unix_chkpwd root:shadow 4755 /usr/sbin/unix2_chkpwd root:shadow 4755 @@ -374,7 +376,3 @@ /usr/bin/isdnctrl root:dialout 4750 /usr/sbin/pccardctl root:trusted 4750 /usr/bin/pccardctl root:trusted 4750 -/usr/bin/ping root:root 4755 - +capabilities cap_net_raw=ep -/usr/bin/ping6 root:root 4755 - +capabilities cap_net_raw=ep diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/permissions-2012.10.15.1348/sysconfig.security new/permissions-2012.11.27.1640/sysconfig.security --- old/permissions-2012.10.15.1348/sysconfig.security 2012-10-15 13:48:16.000000000 +0200 +++ new/permissions-2012.11.27.1640/sysconfig.security 2012-11-27 16:40:51.000000000 +0100 @@ -8,3 +8,11 @@ # PERMISSION_SECURITY="easy local" +## Description: Use filesystem capabilities for more finegrained permission handling +## Type: yesno +## Default: "yes" +# +# Flag whether to use filesystem capabilities for finegrained +# access control (compared to setuid) or not. +# +PERMISSION_FSCAPS="" -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org