[abrt/f20] Fix desktop centric polkit policy file

Jakub Filak jfilak at fedoraproject.org
Tue May 6 15:34:05 UTC 2014 

commit 950b5d9e9eaae8c0f209cc275476724e6a6e2d38
Author: Jakub Filak <jfilak at redhat.com>
Date:   Tue May 6 13:08:27 2014 +0200

    Fix desktop centric polkit policy file
    
    Resolves: #1094135

 ...us-Fix-desktop-centric-polkit-policy-file.patch |   44 ++++++++++++++++++++
 0003-dbus-Fix-invalid-dbus-policy-file.patch       |   32 ++++++++++++++
 abrt.spec                                          |   10 ++++-
 3 files changed, 85 insertions(+), 1 deletions(-)
---
diff --git a/0002-dbus-Fix-desktop-centric-polkit-policy-file.patch b/0002-dbus-Fix-desktop-centric-polkit-policy-file.patch
new file mode 100644
index 0000000..f5743e9
--- /dev/null
+++ b/0002-dbus-Fix-desktop-centric-polkit-policy-file.patch
@@ -0,0 +1,44 @@
+From e98c8766655216db3d9a08b1fa52ba7decf57c46 Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw at redhat.com>
+Date: Mon, 5 May 2014 08:41:00 +0200
+Subject: [PATCH 2/2] dbus: Fix desktop centric polkit policy file
+
+In order to allow use of ABRT's DBus API on servers, the polkit
+policy should allow admin usage even when not logged in an active
+seat (ie: monitor and keyboard). Otherwise use from ssh logins and
+Cockpit is prevented.
+---
+ src/dbus/abrt_polkit.policy | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/dbus/abrt_polkit.policy b/src/dbus/abrt_polkit.policy
+index 06008b4..a3425d9 100644
+--- a/src/dbus/abrt_polkit.policy
++++ b/src/dbus/abrt_polkit.policy
+@@ -19,9 +19,9 @@ Copyright (c) 2012 ABRT Team <crash-catcher at fedorahosted.com>
+     <description>Get problems from all users</description>
+     <message>Reading others problems requires authentication</message>
+     <defaults>
+-      <allow_any>no</allow_any>
++      <allow_any>auth_admin</allow_any>
+       <allow_active>auth_admin_keep</allow_active>
+-      <allow_inactive>no</allow_inactive>
++      <allow_inactive>auth_admin</allow_inactive>
+     </defaults>
+   </action>
+ 
+@@ -30,9 +30,9 @@ Copyright (c) 2012 ABRT Team <crash-catcher at fedorahosted.com>
+     <description>Set value of configuration properties</description>
+     <message>Update configuration values reuquires authentication</message>
+     <defaults>
+-      <allow_any>no</allow_any>
++      <allow_any>auth_admin</allow_any>
+       <allow_active>auth_admin_keep</allow_active>
+-      <allow_inactive>no</allow_inactive>
++      <allow_inactive>auth_admin</allow_inactive>
+     </defaults>
+   </action>
+ 
+-- 
+1.9.0
+
diff --git a/0003-dbus-Fix-invalid-dbus-policy-file.patch b/0003-dbus-Fix-invalid-dbus-policy-file.patch
new file mode 100644
index 0000000..29d5e44
--- /dev/null
+++ b/0003-dbus-Fix-invalid-dbus-policy-file.patch
@@ -0,0 +1,32 @@
+From 050ebb0786dc2ea24ffbb560b16bc2cbc7ccfedc Mon Sep 17 00:00:00 2001
+From: Stef Walter <stefw at redhat.com>
+Date: Tue, 6 May 2014 14:12:22 +0200
+Subject: [PATCH 3/3] dbus: Fix invalid dbus policy file
+
+The use of at_console is a bit of a relic from times before polkit.
+
+But more importantly I've removed a section that has no effect, and
+opens up the dbus policy for an invalid name: org.freedesktop.org
+---
+ src/dbus/dbus-abrt.conf | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/src/dbus/dbus-abrt.conf b/src/dbus/dbus-abrt.conf
+index 159d5ef..3bac353 100644
+--- a/src/dbus/dbus-abrt.conf
++++ b/src/dbus/dbus-abrt.conf
+@@ -16,11 +16,6 @@
+     <allow send_interface="com.redhat.problems.configuration"/>
+   </policy>
+ 
+-  <policy at_console="true">
+-    <allow send_destination="org.freedesktop.org"/>
+-    <allow send_destination="com.redhat.problems.configuration"/>
+-  </policy>
+-
+   <!-- Allow anyone to invoke methods on abrt server -->
+   <policy context="default">
+     <allow send_destination="org.freedesktop.problems"/>
+-- 
+1.9.0
+
diff --git a/abrt.spec b/abrt.spec
index 994f8e3..6481f96 100644
--- a/abrt.spec
+++ b/abrt.spec
@@ -40,12 +40,15 @@
 Summary: Automatic bug detection and reporting tool
 Name: abrt
 Version: 2.2.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: Applications/System
 URL: https://fedorahosted.org/abrt/
 Source: https://fedorahosted.org/released/%{name}/%{name}-%{version}.tar.gz
 
+Patch2: 0002-dbus-Fix-desktop-centric-polkit-policy-file.patch
+Patch3: 0003-dbus-Fix-invalid-dbus-policy-file.patch
+
 # '%%autosetup -S git' -> git
 BuildRequires: git
 
@@ -921,6 +924,11 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %config(noreplace) %{_sysconfdir}/profile.d/abrt-console-notification.sh
 
 %changelog
+* Tue May 06 2014 Jakub Filak <jfilak at redhat.com> 2.2.1-2
+- dbus: Fix desktop centric polkit policy file
+- dbus: Fix invalid dbus policy file
+- Resolves: #1094135
+
 * Tue Apr 22 2014 Jakub Filak <jfilak at redhat.com> 2.2.1-1
 - stop using deprecated json-c functions
 - vmcore: start the service after kdump service

More information about the scm-commits mailing list