[abrt/f20] Fix desktop centric polkit policy file
Jakub Filak
jfilak at fedoraproject.org
Tue May 6 15:34:05 UTC 2014
commit 950b5d9e9eaae8c0f209cc275476724e6a6e2d38
Author: Jakub Filak <jfilak at redhat.com>
Date: Tue May 6 13:08:27 2014 +0200
Fix desktop centric polkit policy file
Resolves: #1094135
...us-Fix-desktop-centric-polkit-policy-file.patch | 44 ++++++++++++++++++++
0003-dbus-Fix-invalid-dbus-policy-file.patch | 32 ++++++++++++++
abrt.spec | 10 ++++-
3 files changed, 85 insertions(+), 1 deletions(-)
---
diff --git a/0002-dbus-Fix-desktop-centric-polkit-policy-file.patch b/0002-dbus-Fix-desktop-centric-polkit-policy-file.patch
new file mode 100644
index 0000000..f5743e9
--- /dev/null
+++ b/0002-dbus-Fix-desktop-centric-polkit-policy-file.patch
@@ -0,0 +1,44 @@
+From e98c8766655216db3d9a08b1fa52ba7decf57c46 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw at redhat.com>
+Date: Mon, 5 May 2014 08:41:00 +0200
+Subject: [PATCH 2/2] dbus: Fix desktop centric polkit policy file
+
+In order to allow use of ABRT's DBus API on servers, the polkit
+policy should allow admin usage even when not logged in an active
+seat (ie: monitor and keyboard). Otherwise use from ssh logins and
+Cockpit is prevented.
+---
+ src/dbus/abrt_polkit.policy | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/dbus/abrt_polkit.policy b/src/dbus/abrt_polkit.policy
+index 06008b4..a3425d9 100644
+--- a/src/dbus/abrt_polkit.policy
++++ b/src/dbus/abrt_polkit.policy
+@@ -19,9 +19,9 @@ Copyright (c) 2012 ABRT Team <crash-catcher at fedorahosted.com>
+ <description>Get problems from all users</description>
+ <message>Reading others problems requires authentication</message>
+ <defaults>
+- <allow_any>no</allow_any>
++ <allow_any>auth_admin</allow_any>
+ <allow_active>auth_admin_keep</allow_active>
+- <allow_inactive>no</allow_inactive>
++ <allow_inactive>auth_admin</allow_inactive>
+ </defaults>
+ </action>
+
+@@ -30,9 +30,9 @@ Copyright (c) 2012 ABRT Team <crash-catcher at fedorahosted.com>
+ <description>Set value of configuration properties</description>
+ <message>Update configuration values reuquires authentication</message>
+ <defaults>
+- <allow_any>no</allow_any>
++ <allow_any>auth_admin</allow_any>
+ <allow_active>auth_admin_keep</allow_active>
+- <allow_inactive>no</allow_inactive>
++ <allow_inactive>auth_admin</allow_inactive>
+ </defaults>
+ </action>
+
+--
+1.9.0
+
diff --git a/0003-dbus-Fix-invalid-dbus-policy-file.patch b/0003-dbus-Fix-invalid-dbus-policy-file.patch
new file mode 100644
index 0000000..29d5e44
--- /dev/null
+++ b/0003-dbus-Fix-invalid-dbus-policy-file.patch
@@ -0,0 +1,32 @@
+From 050ebb0786dc2ea24ffbb560b16bc2cbc7ccfedc Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw at redhat.com>
+Date: Tue, 6 May 2014 14:12:22 +0200
+Subject: [PATCH 3/3] dbus: Fix invalid dbus policy file
+
+The use of at_console is a bit of a relic from times before polkit.
+
+But more importantly I've removed a section that has no effect, and
+opens up the dbus policy for an invalid name: org.freedesktop.org
+---
+ src/dbus/dbus-abrt.conf | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/src/dbus/dbus-abrt.conf b/src/dbus/dbus-abrt.conf
+index 159d5ef..3bac353 100644
+--- a/src/dbus/dbus-abrt.conf
++++ b/src/dbus/dbus-abrt.conf
+@@ -16,11 +16,6 @@
+ <allow send_interface="com.redhat.problems.configuration"/>
+ </policy>
+
+- <policy at_console="true">
+- <allow send_destination="org.freedesktop.org"/>
+- <allow send_destination="com.redhat.problems.configuration"/>
+- </policy>
+-
+ <!-- Allow anyone to invoke methods on abrt server -->
+ <policy context="default">
+ <allow send_destination="org.freedesktop.problems"/>
+--
+1.9.0
+
diff --git a/abrt.spec b/abrt.spec
index 994f8e3..6481f96 100644
--- a/abrt.spec
+++ b/abrt.spec
@@ -40,12 +40,15 @@
Summary: Automatic bug detection and reporting tool
Name: abrt
Version: 2.2.1
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: Applications/System
URL: https://fedorahosted.org/abrt/
Source: https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.gz
+Patch2: 0002-dbus-Fix-desktop-centric-polkit-policy-file.patch
+Patch3: 0003-dbus-Fix-invalid-dbus-policy-file.patch
+
# '%%autosetup -S git' -> git
BuildRequires: git
@@ -921,6 +924,11 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%config(noreplace) %{_sysconfdir}/profile.d/abrt-console-notification.sh
%changelog
+* Tue May 06 2014 Jakub Filak <jfilak at redhat.com> 2.2.1-2
+- dbus: Fix desktop centric polkit policy file
+- dbus: Fix invalid dbus policy file
+- Resolves: #1094135
+
* Tue Apr 22 2014 Jakub Filak <jfilak at redhat.com> 2.2.1-1
- stop using deprecated json-c functions
- vmcore: start the service after kdump service
More information about the scm-commits
mailing list