File 0010-libvirt-polkit-actions-whitelisting-of-inc... of Package polkit-default-privs.12276

Overview Repositories Revisions Requests Users Attributes Meta

File 0010-libvirt-polkit-actions-whitelisting-of-incremental-n.patch of Package polkit-default-privs.12276

From 2f6462c868d8b9b4ca13e4c532a6a4ec443d4517 Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Wed, 3 Jul 2019 15:39:14 +0200
Subject: [PATCH 1/2] libvirt polkit actions: whitelisting of incremental
 no:no:no actions (bsc#1140151)

---
 polkit-default-privs.restrictive | 6 ++++++
 polkit-default-privs.standard    | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/polkit-default-privs.restrictive b/polkit-default-privs.restrictive
index adeda1a..212d9f0 100644
--- a/polkit-default-privs.restrictive
+++ b/polkit-default-privs.restrictive
@@ -642,6 +642,12 @@ org.libvirt.api.nwfilter-binding.read			auth_admin_keep
 org.libvirt.api.nwfilter-binding.create			no
 org.libvirt.api.nwfilter-binding.delete			no
 
+# libvirt (bsc#1140151)
+# addition of all no:no:no actions
+org.libvirt.api.network-port.create			no
+org.libvirt.api.network-port.delete			no
+org.libvirt.api.network-port.write			no
+
 # MATE settings-daemon (bnc#831404)
 org.mate.settingsdaemon.datetimemechanism.settimezone		auth_admin_keep
 org.mate.settingsdaemon.datetimemechanism.settime		auth_admin_keep
diff --git a/polkit-default-privs.standard b/polkit-default-privs.standard
index c548e22..db0b2ea 100644
--- a/polkit-default-privs.standard
+++ b/polkit-default-privs.standard
@@ -705,6 +705,12 @@ org.libvirt.api.nwfilter-binding.read			auth_admin_keep
 org.libvirt.api.nwfilter-binding.create			no
 org.libvirt.api.nwfilter-binding.delete			no
 
+# libvirt (bsc#1140151)
+# addition of all no:no:no actions
+org.libvirt.api.network-port.create			no
+org.libvirt.api.network-port.delete			no
+org.libvirt.api.network-port.write			no
+
 # MATE settings-daemon (bnc#831404)
 org.mate.settingsdaemon.datetimemechanism.settimezone		auth_admin_keep
 org.mate.settingsdaemon.datetimemechanism.settime		auth_admin_keep
-- 
2.21.0

From 26f38764899f239f593e33e0087d83de8d46ffdc Mon Sep 17 00:00:00 2001
From: Matthias Gerstner <matthias.gerstner@suse.de>
Date: Thu, 11 Jul 2019 15:23:15 +0200
Subject: [PATCH 2/2] libvirt: add a couple of additional polkit actions
 (bsc#1140151)

In commit 9a076dcb084f413265b28f0716c59d752abb5a0a I failed to consider
a few more rules. These are them.
---
 polkit-default-privs.restrictive | 5 ++++-
 polkit-default-privs.standard    | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/polkit-default-privs.restrictive b/polkit-default-privs.restrictive
index 212d9f0..5173320 100644
--- a/polkit-default-privs.restrictive
+++ b/polkit-default-privs.restrictive
@@ -643,10 +643,13 @@ org.libvirt.api.nwfilter-binding.create			no
 org.libvirt.api.nwfilter-binding.delete			no
 
 # libvirt (bsc#1140151)
-# addition of all no:no:no actions
+# addition of all no:no:no actions and two read-only actions
 org.libvirt.api.network-port.create			no
 org.libvirt.api.network-port.delete			no
 org.libvirt.api.network-port.write			no
+org.libvirt.api.network.search-ports			no
+org.libvirt.api.network-port.getattr			auth_self:yes:yes
+org.libvirt.api.network-port.read			auth_self:yes:yes
 
 # MATE settings-daemon (bnc#831404)
 org.mate.settingsdaemon.datetimemechanism.settimezone		auth_admin_keep
diff --git a/polkit-default-privs.standard b/polkit-default-privs.standard
index db0b2ea..c5d2de9 100644
--- a/polkit-default-privs.standard
+++ b/polkit-default-privs.standard
@@ -706,10 +706,13 @@ org.libvirt.api.nwfilter-binding.create			no
 org.libvirt.api.nwfilter-binding.delete			no
 
 # libvirt (bsc#1140151)
-# addition of all no:no:no actions
+# addition of all no:no:no actions and two read-only actions
 org.libvirt.api.network-port.create			no
 org.libvirt.api.network-port.delete			no
 org.libvirt.api.network-port.write			no
+org.libvirt.api.network.search-ports			no
+org.libvirt.api.network-port.getattr			yes
+org.libvirt.api.network-port.read			yes
 
 # MATE settings-daemon (bnc#831404)
 org.mate.settingsdaemon.datetimemechanism.settimezone		auth_admin_keep
-- 
2.21.0

Places

File 0010-libvirt-polkit-actions-whitelisting-of-incremental-n.patch of Package polkit-default-privs.12276

Places