Re: Change of cronie and crontabs CIS compliance

2024-01-09 Thread Tomáš Mráz
Thank you very much for considering this and dropping this Change. Regards, Tomas Mraz

Re: Change of cronie and crontabs CIS compliance

2024-01-08 Thread Ondrej Pohorelsky
Thank you for your feedback. After some thinking, I've decided to not start the Fedora Change process, nor to merge these changes. These changes are not suited for Fedora use cases. Once again, I appreciate the discussion. On Tue, Dec 19, 2023 at 7:14 PM Tomáš Mráz wrote: > In my opinion none o

Re: Change of cronie and crontabs CIS compliance

2023-12-19 Thread Tomáš Mráz
In my opinion none of these permission changes make any sense for installations that aren't guided by some mostly much more strict requirements than those for the Fedora workstations or other general installations of Fedora. They simply should not be applied. Removing the setuid bit from the cr

Re: Change of cronie and crontabs CIS compliance

2023-12-11 Thread Petr Lautrbach
Ondrej Pohorelsky writes: > I've removed cron.allow from my PR[0] and reverted to cron.deny approach. > As this was the only disputed change in these PRs so far, I plan on merging > both of them into rawhide at the end of this week. > However, if you see any issue with merging this "middle ground

Re: Change of cronie and crontabs CIS compliance

2023-12-11 Thread Ondrej Pohorelsky
I've removed cron.allow from my PR[0] and reverted to cron.deny approach. As this was the only disputed change in these PRs so far, I plan on merging both of them into rawhide at the end of this week. However, if you see any issue with merging this "middle ground" change, feel free to discuss. [0]

Re: Change of cronie and crontabs CIS compliance

2023-12-10 Thread Chuck Anderson
On Wed, Dec 06, 2023 at 12:18:48PM +, Daniel P. Berrangé wrote: > The main effect of the permissions change on these files is that non-root > users can't see any env variables set against the commands scheduled to run. > The actual command lines are still all visible in the process listing when

Re: Change of cronie and crontabs CIS compliance

2023-12-10 Thread Arthur G
Generally, CIS Benchmarks are only prescriptive and getting near/total compliance with the benchmark is mainly for those who have host fleets under some SCAP compliance regime. Nonetheless, picking on the low hanging fruit such as cron compliance isn't going to drastically improve the security post

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Ondrej Pohorelsky
On Wed, Dec 6, 2023 at 1:19 PM Daniel P. Berrangé wrote: > On Wed, Dec 06, 2023 at 11:16:44AM +0100, Ondrej Pohorelsky wrote: > > Hi everyone, > > > > For F40 I would like to change file permissions of few files that are > > provided by cronie and crontabs and swap deny list for allow list. I'm >

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Ondrej Pohorelsky
On Wed, Dec 6, 2023 at 1:02 PM Daniel P. Berrangé wrote: > On Wed, Dec 06, 2023 at 11:53:26AM +, Tom Hughes via devel wrote: > > On 06/12/2023 11:08, Ondrej Pohorelsky wrote: > > > > > The only difference is that if you have populated the cron.deny list, > > > after update it gets saved as .r

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Nikos Mavrogiannopoulos
On Wed, Dec 6, 2023 at 1:19 PM Daniel P. Berrangé wrote: > > On Wed, Dec 06, 2023 at 11:16:44AM +0100, Ondrej Pohorelsky wrote: > > Hi everyone, > > > > For F40 I would like to change file permissions of few files that are > > provided by cronie and crontabs and swap deny list for allow list. I'm

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Daniel P . Berrangé
On Wed, Dec 06, 2023 at 11:16:44AM +0100, Ondrej Pohorelsky wrote: > Hi everyone, > > For F40 I would like to change file permissions of few files that are > provided by cronie and crontabs and swap deny list for allow list. I'm not > really sure if I should make a change proposal. I figured I'll

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Stephen Smoogen
On Wed, 6 Dec 2023 at 06:49, Ondrej Pohorelsky wrote: > > > On Wed, Dec 6, 2023 at 12:39 PM Fabio Valentini > wrote: > >> On Wed, Dec 6, 2023 at 11:17 AM Ondrej Pohorelsky >> wrote: >> > >> > Hi everyone, >> > >> > For F40 I would like to change file permissions of few files that are >> provide

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Daniel P . Berrangé
On Wed, Dec 06, 2023 at 11:53:26AM +, Tom Hughes via devel wrote: > On 06/12/2023 11:08, Ondrej Pohorelsky wrote: > > > The only difference is that if you have populated the cron.deny list, > > after update it gets saved as .rpmsave and cron.allow is created. > > If the cron.deny is blank, it

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Tom Hughes via devel
On 06/12/2023 11:08, Ondrej Pohorelsky wrote: The only difference is that if you have populated the cron.deny list, after update it gets saved as .rpmsave and cron.allow is created. If the cron.deny is blank, it will get replaced. Also, if you had cron.allow populated before, it will stay this

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Ondrej Pohorelsky
On Wed, Dec 6, 2023 at 12:39 PM Fabio Valentini wrote: > On Wed, Dec 6, 2023 at 11:17 AM Ondrej Pohorelsky > wrote: > > > > Hi everyone, > > > > For F40 I would like to change file permissions of few files that are > provided by cronie and crontabs and swap deny list for allow list. I'm not > re

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Daniel P . Berrangé
On Wed, Dec 06, 2023 at 12:39:02PM +0100, Fabio Valentini wrote: > On Wed, Dec 6, 2023 at 11:17 AM Ondrej Pohorelsky wrote: > > > > Hi everyone, > > > > For F40 I would like to change file permissions of few files that are > > provided by cronie and crontabs and swap deny list for allow list. I'm

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Ondrej Pohorelsky
On Wed, Dec 6, 2023 at 12:32 PM Michael J Gruber wrote: > > Thanks, that sounds like the typical things to expect during an upgrade. > We typically don't even have release notes mentioning this, but it would be > nice, since it's even a "plus" for F40 (compliance, hardening). > > Does that mean m

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Fabio Valentini
On Wed, Dec 6, 2023 at 11:17 AM Ondrej Pohorelsky wrote: > > Hi everyone, > > For F40 I would like to change file permissions of few files that are > provided by cronie and crontabs and swap deny list for allow list. I'm not > really sure if I should make a change proposal. I figured I'll send a

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Michael J Gruber
Am Mi., 6. Dez. 2023 um 12:09 Uhr schrieb Ondrej Pohorelsky < opoho...@redhat.com>: > > > On Wed, Dec 6, 2023 at 11:26 AM Michael J Gruber > wrote: > >> Hi there, >> >> what is the impact of these changes: >> - Do default installs work the same way as before? >> - Do existing setups (crontabs) ke

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Ondrej Pohorelsky
On Wed, Dec 6, 2023 at 11:26 AM Michael J Gruber wrote: > Hi there, > > what is the impact of these changes: > - Do default installs work the same way as before? > - Do existing setups (crontabs) keep working? > > If yes then I'd consider the permission changes to be fixes, or at least > standard

Re: Change of cronie and crontabs CIS compliance

2023-12-06 Thread Michael J Gruber
Am Mi., 6. Dez. 2023 um 11:17 Uhr schrieb Ondrej Pohorelsky < opoho...@redhat.com>: > Hi everyone, > > For F40 I would like to change file permissions of few files that are > provided by cronie and crontabs and swap deny list for allow list. I'm not > really sure if I should make a change proposal

Change of cronie and crontabs CIS compliance

2023-12-06 Thread Ondrej Pohorelsky
Hi everyone, For F40 I would like to change file permissions of few files that are provided by cronie and crontabs and swap deny list for allow list. I'm not really sure if I should make a change proposal. I figured I'll send an email first and see the feedback. The driving force of this change i