2011-04-08 Brian Cameron <
[email protected]>
* specs/SUNWgnome-cd.spec, specs/SUNWgnome-cd-burner.spec,
specs/SUNWgnome-media.spec, specs/SUNWdbus.spec,
specs/SUNWgnome-print-monitor.spec,
specs/SUNWgnome-system-tools.spec,
ext-sources/gdm.prof_attr,
ext-sources/SUNWgnome-system-tools-exec_attr,
ext-sources/SUNWprint-monitor-exec_attr,
ext-sources/SUNWprint-monitor-prof_attr,
ext-sources/SUNWnwam-manager-exec_attr: Add "RO" to the "res1" field
of all prof_attr and exec_attr RBAC entries delivered with the
Desktop to comply with PSARC 2010/357.
--- a/ChangeLog Fri Apr 08 11:55:09 2011 +0000
+++ b/ChangeLog Fri Apr 08 15:08:01 2011 +0000
@@ -1,3 +1,17 @@
+2011-04-08 Brian Cameron <[email protected]>
+
+ * specs/SUNWgnome-cd.spec, specs/SUNWgnome-cd-burner.spec,
+ specs/SUNWgnome-media.spec, specs/SUNWdbus.spec,
+ specs/SUNWgnome-print-monitor.spec,
+ specs/SUNWgnome-system-tools.spec,
+ ext-sources/gdm.prof_attr,
+ ext-sources/SUNWgnome-system-tools-exec_attr,
+ ext-sources/SUNWprint-monitor-exec_attr,
+ ext-sources/SUNWprint-monitor-prof_attr,
+ ext-sources/SUNWnwam-manager-exec_attr: Add "RO" to the "res1" field
+ of all prof_attr and exec_attr RBAC entries delivered with the
+ Desktop to comply with PSARC 2010/357.
+
2011-04-08 Jan Hnatek <[email protected]>
* base-specs/ttf-freefont.spec:
@@ -30,18 +44,18 @@
2011-04-04 Padraig O'Briain <[email protected]>
- * base-specs/avahi.spec: Bump to 0.6.30.
+ * base-specs/avahi.spec: Bump to 0.6.30.
2011-04-04 Padraig O'Briain <[email protected]>
- * specs/SUNWgroff.spec: Instead of delivering a binary in /usr/bin and
- link in /usr/gnu/bin deliver binary in /usr/gnu/bin and link in
- /usr/bin; set facet on link; CR 7031701.
+ * specs/SUNWgroff.spec: Instead of delivering a binary in /usr/bin and
+ link in /usr/gnu/bin deliver binary in /usr/gnu/bin and link in
+ /usr/bin; set facet on link; CR 7031701.
2011-04-04 Padraig O'Briain <[email protected]>
- * patches/avahi-16-socket.diff: Remove patch
- * base-specs/avahi.spec: Bump to 0.6.29
+ * patches/avahi-16-socket.diff: Remove patch
+ * base-specs/avahi.spec: Bump to 0.6.29
2011-03-30 Li Yuan <[email protected]>
@@ -54,7 +68,7 @@
* patches/gok-02-langdirs.diff:
* patches/gok-03-omf.diff:
* specs/SUNWgnome-a11y-gok.spec:
- Remove gok related files.
+ Remove gok related files.
2011-03-30 Brian Cameron <[email protected]>
@@ -363,7 +377,7 @@
2011-02-24 Yong Sun <[email protected]>
* specs/SUNWmyspell-dictionary-l10n.spec:
- Fixed some dead links and changed the owner to yongsun.
+ Fixed some dead links and changed the owner to yongsun.
2011-02-23 Brian Cameron <[email protected]>
--- a/ext-sources/SUNWgnome-system-tools-exec_attr Fri Apr 08 11:55:09 2011 +0000
+++ b/ext-sources/SUNWgnome-system-tools-exec_attr Fri Apr 08 15:08:01 2011 +0000
@@ -26,5 +26,5 @@
#
# execution attributes for profiles. see exec_attr(4)
#
-User Management:solaris:cmd:::/usr/bin/users-admin:
-User Management:solaris:cmd:::/usr/share/setup-tool-backends/scripts/users-conf:uid=0
+User Management:solaris:cmd:RO::/usr/bin/users-admin:
+User Management:solaris:cmd:RO::/usr/share/setup-tool-backends/scripts/users-conf:uid=0
--- a/ext-sources/SUNWnwam-manager-exec_attr Fri Apr 08 11:55:09 2011 +0000
+++ b/ext-sources/SUNWnwam-manager-exec_attr Fri Apr 08 15:08:01 2011 +0000
@@ -26,5 +26,5 @@
#
# execution attributes for profiles. see exec_attr(4)
#
-Network Autoconf Admin:solaris:cmd:::/usr/bin/nwam-manager-properties:
-Network Autoconf User:solaris:cmd:::/usr/lib/gnome-netstatus-applet:
+Network Autoconf Admin:solaris:cmd:RO::/usr/bin/nwam-manager-properties:
+Network Autoconf User:solaris:cmd:RO::/usr/lib/gnome-netstatus-applet:
--- a/ext-sources/SUNWprint-monitor-exec_attr Fri Apr 08 11:55:09 2011 +0000
+++ b/ext-sources/SUNWprint-monitor-exec_attr Fri Apr 08 15:08:01 2011 +0000
@@ -1,2 +1,2 @@
-Basic Solaris User:solaris:cmd:::/usr/lib/ospm/lp-queue-helper:replaced by Desktop Print Management
-Desktop Print Management:solaris:cmd:::/usr/lib/ospm/lp-queue-helper:euid=lp;gid=lp
+Basic Solaris User:solaris:cmd:RO::/usr/lib/ospm/lp-queue-helper:replaced by Desktop Print Management
+Desktop Print Management:solaris:cmd:RO::/usr/lib/ospm/lp-queue-helper:euid=lp;gid=lp
--- a/ext-sources/SUNWprint-monitor-prof_attr Fri Apr 08 11:55:09 2011 +0000
+++ b/ext-sources/SUNWprint-monitor-prof_attr Fri Apr 08 15:08:01 2011 +0000
@@ -1,2 +1,2 @@
-Console User:::Manage System as the Console User:profiles=Desktop Print Management;help=RtConsUser.html
-Desktop Print Management:::Allow operation on printers for desktop user:
+Console User:RO::Manage System as the Console User:profiles=Desktop Print Management;help=RtConsUser.html
+Desktop Print Management:RO::Allow operation on printers for desktop user:
--- a/ext-sources/gdm.prof_attr Fri Apr 08 11:55:09 2011 +0000
+++ b/ext-sources/gdm.prof_attr Fri Apr 08 15:08:01 2011 +0000
@@ -3,5 +3,5 @@
#
# profiles attributes. see prof_attr(4)
#
-Desktop Configuration::::auths=solaris.smf.manage.dt.login
-Device Security::::auths=solaris.smf.manage.dt.login
+Desktop Configuration:RO:::auths=solaris.smf.manage.dt.login
+Device Security:RO:::auths=solaris.smf.manage.dt.login
--- a/specs/SUNWdbus.spec Fri Apr 08 11:55:09 2011 +0000
+++ b/specs/SUNWdbus.spec Fri Apr 08 15:08:01 2011 +0000
@@ -130,9 +130,10 @@
install --mode=0755 -d $RPM_BUILD_ROOT/%{_sysconfdir}/X11/xinit/xinitrc.d
install --mode=0755 %SOURCE3 $RPM_BUILD_ROOT/%{_sysconfdir}/X11/xinit/xinitrc.d/0070.dbus
-mkdir -p $RPM_BUILD_ROOT/etc/security
-echo 'solaris.smf.manage.dbus:::Manage D-BUS Service States::help=SmfDBUSStates.html' > $RPM_BUILD_ROOT/etc/security/auth_attr
-echo 'D-BUS Management:::Manage D-BUS:auths=solaris.smf.manage.dbus;help=RtDBUSMngmnt.html' > $RPM_BUILD_ROOT/etc/security/prof_attr
+mkdir -p $RPM_BUILD_ROOT/etc/security/auth_attr.d
+echo 'solaris.smf.manage.dbus:::Manage D-BUS Service States::help=SmfDBUSStates.html' > $RPM_BUILD_ROOT/etc/security/auth_attr.d/system-library-dbus
+mkdir -p $RPM_BUILD_ROOT/etc/security/prof_attr.d
+echo 'D-BUS Management:RO::Manage D-BUS:auths=solaris.smf.manage.dbus;help=RtDBUSMngmnt.html' > $RPM_BUILD_ROOT/etc/security/prof_attr.d/system-library-dbus
%{?pkgbuild_postprocess: %pkgbuild_postprocess -v -c "%{version}:%{jds_version}:%{name}:$RPM_ARCH:%(date +%%Y-%%m-%%d):%{support_level}" $RPM_BUILD_ROOT}
@@ -239,8 +240,10 @@
%class(manifest) %attr (0444, root, sys) /lib/svc/manifest/system/dbus.xml
%attr (0555, root, bin) /lib/svc/method/svc-dbus
%dir %attr (0755, root, sys) /etc/security
-%config %class (rbac) %attr (0644, root, sys) /etc/security/auth_attr
-%config %class (rbac) %attr (0644, root, sys) /etc/security/prof_attr
+%dir %attr (0755, root, sys) /etc/security/auth_attr.d
+%config %attr (0644, root, sys) %ips_tag(restart_fmri=svc:/system/rbac:default preserve=true) /etc/security/auth_attr.d/*
+%dir %attr (0755, root, sys) /etc/security/prof_attr.d
+%config %attr (0644, root, sys) %ips_tag(restart_fmri=svc:/system/rbac:default preserve=true) /etc/security/prof_attr.d/*
%files devel
%defattr (-, root, bin)
@@ -259,6 +262,8 @@
%endif
%changelog
+* Wed Apr 06 2011 - [email protected]
+- Fix prof_attr and auth_attr setup.
* Tue Jun 08 2010 - [email protected]
- Updated BuildRequires to fit SourceJuicer.
* Mon Mar 02 2009 - [email protected]
--- a/specs/SUNWgnome-cd-burner.spec Fri Apr 08 11:55:09 2011 +0000
+++ b/specs/SUNWgnome-cd-burner.spec Fri Apr 08 15:08:01 2011 +0000
@@ -1,7 +1,7 @@
#
# spec file for package brasero
#
-# Copyright 2010 Sun Microsystems, Inc.
+# Copyright 2008, 2011, Oracle and/or its affiliates. All rights reserved.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -43,7 +43,6 @@
BuildRequires: SUNWhal
BuildRequires: SUNWgnome-doc-utils
BuildRequires: SUNWlibcanberra
-#BuildRequires: SUNWlibcanberra-gtk
Requires: SUNWgtk2
Requires: %{name}-root
Requires: SUNWdesktop-cache
@@ -129,11 +128,11 @@
#make install DESTDIR=$RPM_BUILD_ROOT
# RBAC related
-mkdir -p $RPM_BUILD_ROOT/etc/security
+mkdir -p $RPM_BUILD_ROOT/etc/security/exec_attr.d
# exec_attr(4)
-cat >> $RPM_BUILD_ROOT/etc/security/exec_attr <<EOF
-Desktop Removable Media User:solaris:cmd:::/usr/bin/brasero:privs=sys_devices
+cat >> $RPM_BUILD_ROOT/etc/security/exec_attr.d/desktop-cd-burning-brasero <<EOF
+Desktop Removable Media User:solaris:cmd:RO::/usr/bin/brasero:privs=sys_devices
EOF
%if %build_l10n
@@ -197,7 +196,7 @@
%files root
%defattr (0755, root, sys)
%attr (0755, root, sys) %dir %{_sysconfdir}
-%config %class (rbac) %attr (0644, root, sys) /etc/security/exec_attr
+%config %ips_tag(restart_fmri=svc:/system/rbac:default) %attr (0444, root, sys) /etc/security/exec_attr.d/*
%if %build_l10n
%files l10n
@@ -207,6 +206,8 @@
%endif
%changelog
+* Wed Aug 06 2011 - [email protected]
+- Fix exec_attr setup.
* Wed Aug 4 2010 - [email protected]
- Fix %files.
* Thu Jul 15 2010 - [email protected]
--- a/specs/SUNWgnome-cd.spec Fri Apr 08 11:55:09 2011 +0000
+++ b/specs/SUNWgnome-cd.spec Fri Apr 08 15:08:01 2011 +0000
@@ -3,7 +3,7 @@
#
# includes module(s): sound-juicer
#
-# Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -87,10 +87,10 @@
make install DESTDIR=$RPM_BUILD_ROOT
# RBAC related
-mkdir $RPM_BUILD_ROOT/etc/security
+mkdir -p $RPM_BUILD_ROOT/etc/security/exec_attr.d
# exec_attr(4)
-cat >> $RPM_BUILD_ROOT/etc/security/exec_attr <<EOF
-Desktop Removable Media User:solaris:cmd:::/usr/bin/sound-juicer:privs=sys_devices
+cat >> $RPM_BUILD_ROOT/etc/security/exec_attr.d/desktop-cd-ripping-sound-juicer <<EOF
+Desktop Removable Media User:solaris:cmd:RO::/usr/bin/sound-juicer:privs=sys_devices
EOF
cd $RPM_BUILD_ROOT%{_bindir}
@@ -155,9 +155,13 @@
%attr (0755, root, sys) %dir %{_sysconfdir}
%{_sysconfdir}/gconf/schemas/solaris-cdda.schemas
%{_sysconfdir}/gconf/schemas/sound-juicer.schemas
-%config %class (rbac) %attr (0644, root, sys) /etc/security/exec_attr
+%attr (0755, root, sys) %dir /etc/security
+%attr (0755, root, sys) %dir /etc/security/exec_attr.d
+%config %ips_tag(restart_fmri=svc:/system/rbac:default) %attr (0444, root, sys) /etc/security/exec_attr.d/*
%changelog
+* Wed Apr 06 2011 - [email protected]
+- Fix exec_attr setup.
* Tue Jun 08 2010 - [email protected]
- Updated BuildRequires to fit SourceJuicer.
* Fri Apr 3 2009 - [email protected]
--- a/specs/SUNWgnome-media.spec Fri Apr 08 11:55:09 2011 +0000
+++ b/specs/SUNWgnome-media.spec Fri Apr 08 15:08:01 2011 +0000
@@ -3,7 +3,7 @@
#
# includes module(s): gst, gst-plugins-base, gst-plugins-good
#
-# Copyright 2009 Sun Microsystems, Inc.
+# Copyright 2004, 2011, Oracle and/or its affiliates. All rights reserved.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -265,12 +265,12 @@
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc
# RBAC related
-mkdir $RPM_BUILD_ROOT/etc/security
+mkdir -p $RPM_BUILD_ROOT/etc/security/prof_attr.d
# prof_attr(4)
-cat >> $RPM_BUILD_ROOT/etc/security/prof_attr <<EOF
-Desktop Removable Media User:::Access removable media for desktop user:
-Console User::::profiles=Desktop Removable Media User
+cat >> $RPM_BUILD_ROOT/etc/security/prof_attr.d/library-audio-gstreamer <<EOF
+Desktop Removable Media User:RO::Access removable media for desktop user:
+Console User:RO:::profiles=Desktop Removable Media User
EOF
%if %{!?_without_gtk_doc:0}%{?_without_gtk_doc:1}
@@ -348,7 +348,9 @@
%defattr (-, root, sys)
%attr (0755, root, sys) %dir %{_sysconfdir}
%{_sysconfdir}/gconf/schemas/gstreamer-%{gst_minmaj}.schemas
-%config %class (rbac) %attr (0644, root, sys) /etc/security/prof_attr
+%attr (0755, root, sys) %dir /etc/security
+%attr (0755, root, sys) %dir /etc/security/prof_attr.d
+%config %ips_tag(restart_fmri=svc:/system/rbac:default) %attr (0444, root, sys) /etc/security/prof_attr.d/*
%files devel
%defattr (-, root, bin)
@@ -380,6 +382,8 @@
%endif
%changelog
+* Wed Apr 06 2011 - [email protected]
+- Fix prof_attr setup.
* Thu Apr 15 2010 - [email protected]
- Re-enable dependency on liboil.
* Thu Feb 11 2010 - [email protected]
--- a/specs/SUNWgnome-system-tools.spec Fri Apr 08 11:55:09 2011 +0000
+++ b/specs/SUNWgnome-system-tools.spec Fri Apr 08 15:08:01 2011 +0000
@@ -3,7 +3,7 @@
#
# includes module(s): gnome-system-tools, system-tools-backends
#
-# Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -91,8 +91,8 @@
%systemtoolsbackends.install -d %name-%version
%gnomesystemtools.install -d %name-%version
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/security
-install --mode=0644 %SOURCE1 $RPM_BUILD_ROOT%{_sysconfdir}/security/exec_attr
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/security/exec_attr.d
+install --mode=0644 %SOURCE1 $RPM_BUILD_ROOT%{_sysconfdir}/security/exec_attr.d/desktop-administration-gnome-system-tools
#Manpages
rm -rf $RPM_BUILD_ROOT%{_mandir}
@@ -192,9 +192,13 @@
%defattr (-, root, sys)
%dir %{_sysconfdir}
%attr (0644, root, sys) %{_sysconfdir}/gconf/schemas/gnome-system-tools.schemas
-%config %class(rbac) %attr (0644, root, sys) %{_sysconfdir}/security/exec_attr
+%dir %attr(0755, root, sys) /etc/security
+%dir %attr(0755, root, sys) /etc/security/exec_attr.d
+%attr (0444, root, sys) %{_sysconfdir}/security/exec_attr.d/*
%changelog
+* Wed Apr 06 2011 - [email protected]
+- Fix exec_attr setup.
* Wed Aug 4 2010 - [email protected]
- Fix %files.
* Tue Jun 08 2010 - [email protected]
--- a/specs/SUNWprint-monitor.spec Fri Apr 08 11:55:09 2011 +0000
+++ b/specs/SUNWprint-monitor.spec Fri Apr 08 15:08:01 2011 +0000
@@ -3,7 +3,7 @@
#
# includes module(s): ospm
#
-# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -85,9 +85,10 @@
%install
rm -rf $RPM_BUILD_ROOT
%ospm.install -d %name-%version
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/security
-install --mode=0644 %SOURCE $RPM_BUILD_ROOT%{_sysconfdir}/security/exec_attr
-install --mode=0644 %SOURCE1 $RPM_BUILD_ROOT%{_sysconfdir}/security/prof_attr
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/security/exec_attr.d
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/security/prof_attr.d
+install --mode=0644 %SOURCE $RPM_BUILD_ROOT%{_sysconfdir}/security/exec_attr.d/print-lp-print-manager
+install --mode=0644 %SOURCE1 $RPM_BUILD_ROOT%{_sysconfdir}/security/prof_attr.d/print-lp-print-manager
#delete some unused or not shipped binaries.
rm -rf $RPM_BUILD_ROOT%{_bindir}/test-queues
@@ -161,10 +162,15 @@
%defattr (-, root, sys)
%attr (0755, root, sys) %dir %{_sysconfdir}
%{_sysconfdir}/gconf/schemas/ospm.schemas
-%config %class(rbac) %attr (0644, root, sys) %{_sysconfdir}/security/exec_attr
-%config %class(rbac) %attr (0644, root, sys) %{_sysconfdir}/security/prof_attr
+%dir %attr (0755, root, sys) /etc/security
+%dir %attr (0755, root, sys) /etc/security/exec_attr.d
+%config %attr (0444, root, sys) %ips_tag(restart_fmri=svc:/system/rbac:default) /etc/security/exec_attr.d/*
+%dir %attr (0755, root, sys) /etc/security/prof_attr.d
+%config %attr (0444, root, sys) %ips_tag(restart_fmri=svc:/system/rbac:default) /etc/security/prof_attr.d/*
%changelog
+* Wed Apr 06 2011 - [email protected]
+- Fix exec_attr and prof_attr setup.
* Wed Aug 4 2010 - [email protected]
- Fix %files.
* Tue Jun 08 2010 - [email protected]