{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":254445967,"defaultBranch":"main","name":"gssproxy","ownerLogin":"gssapi","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2020-04-09T18:14:56.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/63316684?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1697731850.0","currentOid":""},"activityList":{"items":[{"before":"749847ff7748576ec2ca6b05618b282fa21c057a","after":"d7be530d86a3b050a2f29d0df9ea0dad61e4086d","ref":"refs/heads/main","pushedAt":"2024-05-03T16:36:01.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"Add note about libnfsidmap to NFS docs\n\nSigned-off-by: Simo Sorce <simo@redhat.com>","shortMessageHtmlLink":"Add note about libnfsidmap to NFS docs"}},{"before":"69bc78f0fa49a1fb544296cc4aba041f571ee714","after":"749847ff7748576ec2ca6b05618b282fa21c057a","ref":"refs/heads/main","pushedAt":"2024-04-22T14:28:38.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"Avoid SIGPIPE in mechglue when gssproxy closed the connection\n\nSIGPIPE should not be passed up to the calling program\n\nSigned-off-by: Volker Lendecke <vl@samba.org>","shortMessageHtmlLink":"Avoid SIGPIPE in mechglue when gssproxy closed the connection"}},{"before":"9d52019a83ee17a9f1a05279b4327cbee07e7811","after":"69bc78f0fa49a1fb544296cc4aba041f571ee714","ref":"refs/heads/main","pushedAt":"2024-04-12T20:24:55.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"Avoid bashism in configure script\n\n&> is non-standard for redirecting stdin and stderr. It is a short-hand copied\nfrom csh's >& by zsh and later bash. It is equivalent to >word 2>&1 which will\nalso work in dash (/bin/sh on Debian) or other plain Bourne/POSIX shells.\n\nSigned-off-by: Oliver Kiddle <okiddle@yahoo.co.uk>","shortMessageHtmlLink":"Avoid bashism in configure script"}},{"before":"a9f3b002da2405eb93876610608f968d8108a2b6","after":"9d52019a83ee17a9f1a05279b4327cbee07e7811","ref":"refs/heads/main","pushedAt":"2024-03-20T15:32:38.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"Update URLs to project page, fedorahosted.org got retired","shortMessageHtmlLink":"Update URLs to project page, fedorahosted.org got retired"}},{"before":"aeaa802766fbcc2916c9c14839676e9d7ec69b98","after":"a9f3b002da2405eb93876610608f968d8108a2b6","ref":"refs/heads/main","pushedAt":"2024-03-11T21:29:02.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"Remove from the correct list\n\nFixes #92\n\nSigned-off-by: Simo Sorce <simo@redhat.com>","shortMessageHtmlLink":"Remove from the correct list"}},{"before":"8d3cc9c5247ce3353f1f9a2ce63bda22cb78b287","after":"aeaa802766fbcc2916c9c14839676e9d7ec69b98","ref":"refs/heads/main","pushedAt":"2024-03-05T19:23:24.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"Remove syslog.target from service file\n\nThis target hasn't existed for over a decade\r\n\r\nhttps://github.com/systemd/systemd/blob/6aa8d43ade72e24c9426e604f7fc4b7582b9db7c/NEWS#L72-L73","shortMessageHtmlLink":"Remove syslog.target from service file"}},{"before":"d4004e67cb399054c07b34517e8f0eaee83c55de","after":"8d3cc9c5247ce3353f1f9a2ce63bda22cb78b287","ref":"refs/heads/main","pushedAt":"2023-10-25T11:59:51.000Z","pushType":"pr_merge","commitsCount":3,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"[gssproxy] Harden systemd .service file\n\nMost of the configuration options should be straightforward.\n\nThe previous version of the .service file contained a comment that\nNoNewPrivileges=yes breaks the ability to open a socket under\n/var/lib/gssproxy. That does not appear to be correct because ProtectClock=yes\nwas already set, which enables NoNewPrivileges.\n\nFurthermore, the comment for ProtectKernelTunables also appears to be\nincorrect, because it doesn't make all of /proc read-only (it's only\n/proc/sys/, /sys/, /proc/sysrq-trigger, /proc/latency_stats, /proc/acpi,\n/proc/timer_stats, /proc/fs and /proc/irq, see man systemd.exec(5)), so\n/proc/net/rpc/use-gss-proxy is still writeable. Perhaps it was a mixup with\nProtectProc?\n\nWith this applied, the \"systemd-analyze security gssproxy\" score goes from 8.4\n(EXPOSED) to 1.7 (OK).\n\nTested with nfs-kernel-server, some more testing in other scenarios might still\nbe necessary. Also, note that this expects all RW data to be stored under\n/var/lib/gssproxy, /root, /home or /run/user.\n\nSigned-off-by: David Härdeman <david@hardeman.nu>","shortMessageHtmlLink":"[gssproxy] Harden systemd .service file"}},{"before":"27f883ff3a75dc7b52d0b0bd692f9eeb8ee53338","after":"d4004e67cb399054c07b34517e8f0eaee83c55de","ref":"refs/heads/main","pushedAt":"2023-10-19T17:48:20.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"upgrade xml DTD to 4.5\n\nTrival change which upgardes xml DTD version to latest stable 4.5.\n\nSigned-off-by: Tomasz Kłoczko <kloczek@github.com>","shortMessageHtmlLink":"upgrade xml DTD to 4.5"}},{"before":"9d013b1bcc6277842824b25241e8652a865a2944","after":"27f883ff3a75dc7b52d0b0bd692f9eeb8ee53338","ref":"refs/heads/main","pushedAt":"2023-10-19T16:10:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"Version 0.9.2\n\nSigned-off-by: Simo Sorce <simo@redhat.com>","shortMessageHtmlLink":"Version 0.9.2"}},{"before":"fb8737b2c48d67a63a66abfa090e92f21765a94f","after":"9d013b1bcc6277842824b25241e8652a865a2944","ref":"refs/heads/main","pushedAt":"2023-10-18T20:07:45.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"Do not close fd if it was never set\n\nFixes Coverity 403648: Argument cannot be negative\n\nSigned-off-by: Simo Sorce <simo@redhat.com>","shortMessageHtmlLink":"Do not close fd if it was never set"}},{"before":"f52e60fad1e202a8f9c06ec6ce8bada69c62c93c","after":"fb8737b2c48d67a63a66abfa090e92f21765a94f","ref":"refs/heads/main","pushedAt":"2023-10-18T19:18:39.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"[gssproxy] retry writing to /proc/net/rpc/use-gss-proxy\n\nThis improves the handling of cases where the auth_rpcgss module has not yet\nbeen loaded when gssproxy is started.\n\nSigned-off-by: David Härdeman <david@hardeman.nu>","shortMessageHtmlLink":"[gssproxy] retry writing to /proc/net/rpc/use-gss-proxy"}},{"before":"ec463454c1f6e89bf8a1671bf0ef00fef2491f86","after":"f52e60fad1e202a8f9c06ec6ce8bada69c62c93c","ref":"refs/heads/main","pushedAt":"2023-09-07T14:38:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"tests: fix userproxytest missed NULL argument pointer\n\nExecv syscall needs the argument array of pointers must\nbe terminated by a null pointer, otherwise the garbage\ndata might break the test.\n\nSigned-off-by: Kai Zhang <zhangkai@iscas.ac.cn>","shortMessageHtmlLink":"tests: fix userproxytest missed NULL argument pointer"}},{"before":"f6ab3193e64ecc9db4d253b6dd99991f461b6081","after":"ec463454c1f6e89bf8a1671bf0ef00fef2491f86","ref":"refs/heads/main","pushedAt":"2023-07-11T09:27:01.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"systemd: add StateDirectory to gssproxy.service\n\ngssproxy won't start if /var/lib/gssproxy is missing (\"Failed to\ncreate Unix Socket!\"). systemd provides a directive to ensure that all\nnecessary state directories exist so we can use it in this case.\n\nSigned-off-by: Alberto Garcia <berto@igalia.com>","shortMessageHtmlLink":"systemd: add StateDirectory to gssproxy.service"}},{"before":"402468057a6919743749b9db488a1c037ee045c3","after":"f6ab3193e64ecc9db4d253b6dd99991f461b6081","ref":"refs/heads/main","pushedAt":"2023-05-31T12:28:32.567Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"simo5","name":"Simo Sorce","path":"/simo5","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8332609?s=80&v=4"},"commit":{"message":"Fix build on musl libc with clang 16\n\nSigned-off-by: Brahmajit Das <brahmajit.xyz@gmail.com>","shortMessageHtmlLink":"Fix build on musl libc with clang 16"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEQPDpSQA","startCursor":null,"endCursor":null}},"title":"Activity · gssapi/gssproxy"}