Blame SOURCES/00001-fix-dbus-policy.patch

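diff --git a/etc-conf/dbus/system.d/com.redhat.RHSM1.conf b/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
index e21c57263..11adf1d79 100644
--- a/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
+++ b/etc-conf/dbus/system.d/com.redhat.RHSM1.conf
@@ -7,23 +7,9 @@
     <policy user="root">
         <allow own="com.redhat.RHSM1"/>
 
-        
-        
-            send_interface="org.freedesktop.DBus.Introspectable"/>
-        
-            send_interface="org.freedesktop.DBus.Properties"/>
-        
-            send_interface="org.freedesktop.DBus.ObjectManager"/>
-
-        
-        
-            send_interface="com.redhat.RHSM1.Config"
-            send_member="Set"/>
-    </policy>
-
-
-    <policy context="default">
-        
+        
+        Lock down the objects to root access only
+        -->
 
         
             send_interface="com.redhat.RHSM1"/>
@@ -37,11 +23,6 @@
         
             send_interface="com.redhat.RHSM1.Config"/>
 
-        
-        
-            send_interface="com.redhat.RHSM1.Config"
-            send_member="Set"/>
-
         
             send_interface="com.redhat.RHSM1.RegisterServer"/>
 
@@ -65,5 +46,54 @@
         
             send_interface="org.freedesktop.DBus.ObjectManager"/>
     </policy>
-</busconfig>
 
+
+    <policy context="default">
+
+        
+        Non-root users can execute only methods providing
+        information from files readable by non-root users.
+        -->
+
+        
+            send_interface="com.redhat.RHSM1.Entitlement"
+            send_member="GetStatus"/>
+
+        
+            send_interface="com.redhat.RHSM1.Products"
+            send_member="ListInstalledProducts"/>
+
+        
+            send_interface="com.redhat.RHSM1.Syspurpose"
+            send_member="GetSyspurpose"/>
+
+        
+            send_interface="com.redhat.RHSM1.Syspurpose"
+            send_member="GetSyspurposeStatus"/>
+
+        
+            send_interface="com.redhat.RHSM1.Config"
+            send_member="GetAll"/>
+
+        
+            send_interface="com.redhat.RHSM1.Config"
+            send_member="Get"/>
+
+        
+        The UUID returned by following method is read
+        from consumer cert. Only this file is not
+        readable by non-root users.
+        -->
+        
+            send_interface="com.redhat.RHSM1.Consumer"
+            send_member="GetUuid"/>
+
+        
+        
+            send_interface="org.freedesktop.DBus.Introspectable"/>
+        
+            send_interface="org.freedesktop.DBus.Properties"/>
+        
+            send_interface="org.freedesktop.DBus.ObjectManager"/>
+    </policy>
+</busconfig>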
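Review bot: The rule for `send_interface="org.freedesktop.DBus.Properties"` near the end of the new `<policy context="default">` block carries no `send_member`, so non-root callers are let through for `Set` as well as `Get` and `GetAll`. This assumes the opening tag lost in this rendering is an `<allow>` like the rules around it. That is wider than the block's own comment promises, which limits non-root users to methods returning information from files they can already read. I would split it into two rules, one with `send_member="Get"` and one with `send_member="GetAll"`. If the service is known to export no writable properties, a short comment next to the rule saying that authorization of property writes is left to the service would also do.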