2012-04-17 Brian Cameron <[email protected]>
CR #7095930 "GNOME needs to work better with the Stop RBAC profile"
WebRTI #361938.
* patches/gnome-session-24-rbac.diff, patches/glib-10-gio-rbac.diff,
patches/libgksu-05-rbac-support.diff,
patches/gnome-panel-17-rbac.diff, patches/gnome-menus-08-rbac.diff:
Fix desktop RBAC integration so it checks exec->attr != NULL instead
of exec->id != "*".
* specs/SUNWnwam-manager.spec, ext-sources/SUNWnwam-manager-exec_attr:
Removed since the GNOME panel no longer filters out modules that have
no exec->attr value, so these entries are not useful.
* manpages/man1/gnome-panel.1: No longer mention NWAM as using GNOME
panel filtering features.
--- a/ChangeLog Tue Apr 17 05:40:52 2012 +0000
+++ b/ChangeLog Tue Apr 17 05:48:18 2012 +0000
@@ -1,3 +1,18 @@
+2012-04-17 Brian Cameron <[email protected]>
+
+ CR #7095930 "GNOME needs to work better with the Stop RBAC profile"
+ WebRTI #361938.
+ * patches/gnome-session-24-rbac.diff, patches/glib-10-gio-rbac.diff,
+ patches/libgksu-05-rbac-support.diff,
+ patches/gnome-panel-17-rbac.diff, patches/gnome-menus-08-rbac.diff:
+ Fix desktop RBAC integration so it checks exec->attr != NULL instead
+ of exec->id != "*".
+ * specs/SUNWnwam-manager.spec, ext-sources/SUNWnwam-manager-exec_attr:
+ Removed since the GNOME panel no longer filters out modules that have
+ no exec->attr value, so these entries are not useful.
+ * manpages/man1/gnome-panel.1: No longer mention NWAM as using GNOME
+ panel filtering features.
+
2012-04-17 Jeff Cai <[email protected]>
Fix bug 7159409 and 7159444
@@ -32,7 +47,8 @@
2012-04-13 Brian Cameron <[email protected]>
* specs/SUNWjson-c.spec: Add "%include desktop-incorporation.inc".
- Fixes CR #7149760. WebRTI #361463.
+ Fixes CR #7149760 "package library/json-c missing consolidation entry
+ from its manifest". WebRTI #361463.
2012-04-09 Ada Luong <[email protected]>
@@ -184,6 +200,9 @@
* specs/SUNWgnome-vfs.spec, base-specs/gnome-vfs.spec: Fix
PKG_CONFIG_PATH setting and 64-bit build.
+ CR #7146691 "Build 64-bit libgnome-keyring, libsoup, gnome-vfs and
+ related GStreamer plugins"
+ WebRTI #360290
2012-03-06 Ghee Teo <[email protected]>
@@ -220,15 +239,24 @@
gnome-keyring, libsoup, and gnome-vfs libraries. Also support the
GStreamer 64-bit plugins for gnome-vfs and libsoup. Also fix
Requires/BuildRequires.
- RTI 360290, CR 7078660, 7146691.
+ CR #7078660 "library/audio/gstreamer should not deliver editable
+ profile attribute file"
+ CR #7146691 "Build 64-bit libgnome-keyring, libsoup, gnome-vfs and
+ related GStreamer plugins"
+ WebRTI #360290
* base-specs/gdm.spec, patches/gdm-37-strndup.diff: Use strndup.
- RTI 360291, CR 7146593.
+ CR #7146593 "Problem with gnome/session"
+ WebRTI #360291
* specs/SUNWgnome-display-mgr.spec, specs/SUNWconsolekit.spec: Fix
Requires/BuildRequires, and now /etc and /usr/share configuration
files have the preserve flag set.
* patches/ConsoleKit-01-ck-dynamic.diff: Add additional debug flags.
* patches/gdm-34-vt.diff: Remove needless warning message.
- RTI 360292, CR 7093653, 7144246
+ CR 7093653 "syslog WARNING: Unable to switch to VT1: Invalid argument
+ on every reboot"
+ CR 7144246 "GNOME login dialog box customizations cannot be saved
+ across package fixes and package updates"
+ WebRTI #360292
* specs/SUNWogg-vorbis.spec, specs/SUNWlibgc.spec: Fix
Requires/BuildRequires. Corrects minor spec-file issues that were
noticed after the 2011-02-17 putback.
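Review bot: The two CR references added for patches/gdm-34-vt.diff are written "CR 7093653" and "CR 7144246", without the "#" that the other references added in this hunk use ("CR #7078660", "CR #7146691", "CR #7146593"). Add the "#" so that all entries follow one form and can be searched consistently.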
@@ -25145,7 +25173,7 @@
Bump to 2.25.3.
Added gnome-session-16-stop-ice-negotiation as code has not released as
tarball yet.
- To fix bugster#6760675(bugzilla 563354).
+ To fix bugster #6760675 (bugzilla 563354).
* base-specs/gnome-session.spec:
* patches/gnome-session-16-stop-ice-negotiation.diff:
--- a/ext-sources/SUNWnwam-manager-exec_attr Tue Apr 17 05:40:52 2012 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,29 +0,0 @@
-#
-# CDDL HEADER START
-#
-# The contents of this file are subject to the terms of the
-# Common Development and Distribution License (the "License").
-# You may not use this file except in compliance with the License.
-#
-# You can obtain a copy of the license at src/sun_nws/OPENSOLARIS.LICENSE
-# or http://www.opensolaris.org/os/licensing.
-# See the License for the specific language governing permissions
-# and limitations under the License.
-#
-# When distributing Covered Code, include this CDDL HEADER in each
-# file and include the License file at src/sun_nws/OPENSOLARIS.LICENSE.
-# If applicable, add the following below this CDDL HEADER, with the
-# fields enclosed by brackets "[]" replaced with your own identifying
-# information: Portions Copyright [yyyy] [name of copyright owner]
-#
-# CDDL HEADER END
-#
-# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
-# Use is subject to license terms.
-#
-#ident "@(#)exec_attr 1.2 06/09/15 SMI"
-#
-# execution attributes for profiles. see exec_attr(4)
-#
-Network Autoconf Admin:solaris:cmd:RO::/usr/bin/nwam-manager-properties:
-Network Autoconf User:solaris:cmd:RO::/usr/lib/gnome-netstatus-applet:
--- a/manpages/man1/gnome-panel.1 Tue Apr 17 05:40:52 2012 +0000
+++ b/manpages/man1/gnome-panel.1 Tue Apr 17 05:48:18 2012 +0000
@@ -116,18 +116,15 @@
<listitem>brasero uses the "Desktop Removable Media User" profile.</listitem>
<listitem>sound-juicer uses the "Desktop Removable Media User" profile.</listitem>
<listitem>users-admin uses the "User Management" profile.</listitem>
-<listitem>nwam-manager-properties uses the "Network Autoconf Admin" profile.</listitem>
-<listitem>The "Network Monitor" applet uses the "Network Autoconf User" profile.</listitem>
</itemizedlist>
-<para>
-The "Desktop Administration" profile includes all of the above profiles, and
-can be used to make them all available to a user. When not using Trusted
-Extensions, you can configure the GNOME Panel so that a role password is
-required. You set up a role with a password, assign the rights profile (such
-as the "Desktop Administration" profile) to the role, and then assign the role
-to the user. The user must assume the role to gain access to the applets.
-RBAC can be configured to support these various configurations with the
+<p>
+When not using Trusted Extensions, you can configure the GNOME Panel so that a
+role password is required. You set up a role with a password, assign the
+rights profile (such as the "Desktop Administration" profile) to the role, and
+then assign the role to the user. The user must assume the role to gain access
+to the applets. RBAC can be configured to support these various configurations
+with the
<citerefentry><refentrytitle>profiles</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>roleadd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
and
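Review bot: The opening tag changes from <para> to <p>, but the surrounding markup (<listitem>, <itemizedlist>, <citerefentry>) is DocBook-style, where the paragraph element is <para>; unless the closing tag outside this hunk was changed to match, the paragraph is now unbalanced. Keep <para>. The hunk also drops the sentence stating that the "Desktop Administration" profile includes all of the listed profiles, which the commit message does not mention, while the retained text still uses that profile as its example. Either keep a one-line description of the profile or record the reason for removing it in the ChangeLog entry.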
--- a/patches/glib-10-gio-rbac.diff Tue Apr 17 05:40:52 2012 +0000
+++ b/patches/glib-10-gio-rbac.diff Tue Apr 17 05:48:18 2012 +0000
@@ -284,7 +284,7 @@
+ }
+
+ while (exec != NULL) {
-+ if (strcmp (exec->id, "*") != 0) {
++ if (exec->attr != NULL) {
+ rc = TRUE;
+ break;
+ }
@@ -345,7 +345,7 @@
+ * Does the user have a profile that can run the command?
+ */
+ while (exec != NULL) {
-+ if (strcmp (exec->id, "*") != 0) {
++ if (exec->attr != NULL) {
+ rc = TRUE;
+ break;
+ }
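Review bot: The comment above this loop still reads "Does the user have a profile that can run the command?", but the test is now narrower: an entry counts only when it carries attributes (exec->attr != NULL). Update the comment to say so and to explain why a match without attributes is treated as no profile, since that is the behaviour this fix depends on.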
@@ -440,7 +440,7 @@
+ exec = getexecuser (role, KV_COMMAND, stripped_cmd, GET_ONE);
+ while (exec != NULL) {
+ if ((strcmp (role, "root") == 0) ||
-+ (strcmp (exec->id, "*") != 0)) {
++ (exec->attr != NULL)) {
+ rc = g_strdup (role);
+ break;
+ }
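Review bot: In the role lookup, getexecuser() is called with GET_ONE, so the while loop is handed only the first matching entry; now that an entry without attributes is rejected, a role whose first match has no attr may be passed over even if a later entry for the same command has one. Confirm that GET_ONE is intended here, or use GET_ALL and walk the list. The root shortcut (strcmp (role, "root") == 0) also sits inside the exec != NULL loop, so it applies only when the lookup for root returned an entry; if root is meant to qualify unconditionally, test it before the lookup.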
--- a/patches/gnome-menus-08-rbac.diff Tue Apr 17 05:40:52 2012 +0000
+++ b/patches/gnome-menus-08-rbac.diff Tue Apr 17 05:48:18 2012 +0000
@@ -936,7 +936,7 @@
+ }
+
+ while (exec != NULL) {
-+ if (strcmp (exec->id, "*") != 0) {
++ if (exec->attr != NULL) {
+ program_has_profile = TRUE;
+ break;
+ }
@@ -970,7 +970,7 @@
+ * be shown.
+ */
+ while (exec != NULL) {
-+ if (strcmp (exec->id, "*") != 0) {
++ if (exec->attr != NULL) {
+ rc = FALSE;
+ break;
+ }
@@ -1014,7 +1014,7 @@
+ exec = getexecuser (role, KV_COMMAND, stripped_cmd, GET_ONE);
+ while (exec != NULL) {
+ if ((strcmp (role, "root") == 0) ||
-+ (strcmp (exec->id, "*") != 0)) {
++ (exec->attr != NULL)) {
+ rc = FALSE;
+ break;
+ }
--- a/patches/gnome-panel-17-rbac.diff Tue Apr 17 05:40:52 2012 +0000
+++ b/patches/gnome-panel-17-rbac.diff Tue Apr 17 05:48:18 2012 +0000
@@ -710,7 +710,7 @@
+ }
+
+ while (exec != NULL) {
-+ if (strcmp (exec->id, "*") != 0) {
++ if (exec->attr != NULL) {
+ program_has_profile = TRUE;
+ break;
+ }
@@ -744,7 +744,7 @@
+ * be shown.
+ */
+ while (exec != NULL) {
-+ if (strcmp (exec->id, "*") != 0) {
++ if (exec->attr != NULL) {
+ rc = FALSE;
+ break;
+ }
@@ -788,7 +788,7 @@
+ exec = getexecuser (role, KV_COMMAND, stripped_cmd, GET_ONE);
+ while (exec != NULL) {
+ if ((strcmp (role, "root") == 0) ||
-+ (strcmp (exec->id, "*") != 0)) {
++ (exec->attr != NULL)) {
+ rc = FALSE;
+ break;
+ }
--- a/patches/gnome-session-24-rbac.diff Tue Apr 17 05:40:52 2012 +0000
+++ b/patches/gnome-session-24-rbac.diff Tue Apr 17 05:48:18 2012 +0000
@@ -284,7 +284,7 @@
+ }
+
+ while (exec != NULL) {
-+ if (strcmp (exec->id, "*") != 0) {
++ if (exec->attr != NULL) {
+ rc = TRUE;
+ break;
+ }
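Review bot: This hunk and the two after it are line-for-line the same as the three hunks in patches/glib-10-gio-rbac.diff (same offsets 284, 345 and 440, same replacement), and gnome-menus-08-rbac.diff and gnome-panel-17-rbac.diff mirror each other in the same way. The access rule is being maintained in several copies, and this fix had to touch each one by hand. Consider moving the exec->attr test into one shared helper, or at minimum note in each patch which other patches carry the same code so a future change to the rule is not applied to only some of them.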
@@ -345,7 +345,7 @@
+ * Does the user have a profile that can run the command?
+ */
+ while (exec != NULL) {
-+ if (strcmp (exec->id, "*") != 0) {
++ if (exec->attr != NULL) {
+ rc = TRUE;
+ break;
+ }
@@ -440,7 +440,7 @@
+ exec = getexecuser (role, KV_COMMAND, stripped_cmd, GET_ONE);
+ while (exec != NULL) {
+ if ((strcmp (role, "root") == 0) ||
-+ (strcmp (exec->id, "*") != 0)) {
++ (exec->attr != NULL)) {
+ rc = g_strdup (role);
+ break;
+ }
--- a/patches/libgksu-05-rbac-support.diff Tue Apr 17 05:40:52 2012 +0000
+++ b/patches/libgksu-05-rbac-support.diff Tue Apr 17 05:48:18 2012 +0000
@@ -2019,7 +2019,7 @@
+ fprintf (stderr, "Exec Id: %s\n", exec->id);
+ }
+
-+ if (strcmp (exec->id, "*") != 0) {
++ if (exec->attr != NULL) {
+ if (CONTEXT_DEBUG_ON(context)) {
+ fprintf (stderr, "User has access, using pfexec\n");
+ }
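Review bot: The debug output just above the changed test still prints only exec->id ("Exec Id: %s"), while the branch is now decided by exec->attr. Add a debug line that reports whether attr is set, so a trace shows why pfexec was or was not chosen.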
@@ -2113,7 +2113,7 @@
+ fprintf (stderr, "Exec Id: %s\n", exec->id);
+ }
+
-+ if (strcmp (exec->id, "*") != 0) {
++ if (exec->attr != NULL) {
+ if (CONTEXT_DEBUG_ON(context)) {
+ fprintf (stderr, "Using role %s\n", rolename);
+ }
--- a/specs/SUNWnwam-manager.spec Tue Apr 17 05:40:52 2012 +0000
+++ b/specs/SUNWnwam-manager.spec Tue Apr 17 05:48:18 2012 +0000
@@ -19,7 +19,6 @@
Summary: Network Auto-Magic User Interface
Version: %{nwam_manager.version}
Source: %{name}-manpages-0.1.tar.gz
-Source1: %{name}-exec_attr
SUNW_BaseDir: %{_prefix}
License: %{nwam_manager.license}
SUNW_Copyright: %{name}.copyright
@@ -68,9 +67,6 @@
cd %{_builddir}/%name-%version/sun-manpages
make install DESTDIR=$RPM_BUILD_ROOT
-mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/security/exec_attr.d
-install --mode=0644 %SOURCE1 $RPM_BUILD_ROOT%{_sysconfdir}/security/exec_attr.d/desktop-administration-nwam-manager
-
%{?pkgbuild_postprocess: %pkgbuild_postprocess -v -c "%{version}:%{jds_version}:%{name}:$RPM_ARCH:%(date +%%Y-%%m-%%d):unsupported" $RPM_BUILD_ROOT}
%clean
@@ -133,9 +129,6 @@
%dir %attr (-, root, sys) %{_sysconfdir}/xdg
%dir %attr (-, root, sys) %{_sysconfdir}/xdg/autostart
%attr (-, root, sys) %{_sysconfdir}/xdg/autostart/*
-%dir %attr(0755, root, sys) /etc/security
-%dir %attr(0755, root, sys) /etc/security/exec_attr.d
-%config %ips_tag(restart_fmri=svc:/system/rbac:default) %attr (0444, root, sys) /etc/security/exec_attr.d/*
%files l10n
%defattr (-, root, bin)
@@ -147,6 +140,10 @@
%{_datadir}/omf/*/*-[a-z][a-z]_[A-Z]*.omf
%changelog
+* Thu Apr 12 2012 - [email protected]
+- Remove exec_attr entries. The fix for CR #709590 makes entries with no
+ exec->attr value no longer recognized as associated with a profile, so
+ these entries are non-functional now.
* Mon Mar 14 2011 - [email protected]
- Add exec_attr entries.
* Thu Aug 19 2010 - [email protected]
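Review bot: The new %changelog entry cites "CR #709590", but the ChangeLog entry and commit message for this change give CR #7095930; the number here is missing a digit. Correct it so the spec history points at the right CR.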