forked from pool/e2fsprogs
Accepting request 925637 from filesystems
OBS-URL: https://build.opensuse.org/request/show/925637 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/e2fsprogs?expand=0&rev=123
This commit is contained in:
commit
8af9741618
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Oct 15 12:11:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||||||
|
|
||||||
|
- Drop ProtectClock hardening, can cause issues if other device acceess is needed
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Sep 30 14:13:06 UTC 2021 - Jan Kara <jack@suse.cz>
|
Thu Sep 30 14:13:06 UTC 2021 - Jan Kara <jack@suse.cz>
|
||||||
|
|
||||||
|
@ -2,14 +2,13 @@ Index: e2fsprogs-1.46.4/scrub/e2scrub@.service.in
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- e2fsprogs-1.46.4.orig/scrub/e2scrub@.service.in
|
--- e2fsprogs-1.46.4.orig/scrub/e2scrub@.service.in
|
||||||
+++ e2fsprogs-1.46.4/scrub/e2scrub@.service.in
|
+++ e2fsprogs-1.46.4/scrub/e2scrub@.service.in
|
||||||
@@ -10,6 +10,15 @@ PrivateNetwork=true
|
@@ -10,6 +10,14 @@ PrivateNetwork=true
|
||||||
ProtectSystem=true
|
ProtectSystem=true
|
||||||
ProtectHome=read-only
|
ProtectHome=read-only
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
+# added automatically, for details please see
|
+# added automatically, for details please see
|
||||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||||
+ProtectHostname=true
|
+ProtectHostname=true
|
||||||
+ProtectClock=true
|
|
||||||
+ProtectKernelTunables=true
|
+ProtectKernelTunables=true
|
||||||
+ProtectKernelLogs=true
|
+ProtectKernelLogs=true
|
||||||
+ProtectControlGroups=true
|
+ProtectControlGroups=true
|
||||||
|
@ -2,7 +2,7 @@ Index: e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_all.service.in
|
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_all.service.in
|
||||||
+++ e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
|
+++ e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
|
||||||
@@ -6,6 +6,18 @@ ConditionCapability=CAP_SYS_RAWIO
|
@@ -6,6 +6,17 @@ ConditionCapability=CAP_SYS_RAWIO
|
||||||
Documentation=man:e2scrub_all(8)
|
Documentation=man:e2scrub_all(8)
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
@ -11,7 +11,6 @@ Index: e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
|
|||||||
+ProtectSystem=full
|
+ProtectSystem=full
|
||||||
+ProtectHome=true
|
+ProtectHome=true
|
||||||
+ProtectHostname=true
|
+ProtectHostname=true
|
||||||
+ProtectClock=true
|
|
||||||
+ProtectKernelTunables=true
|
+ProtectKernelTunables=true
|
||||||
+ProtectKernelModules=true
|
+ProtectKernelModules=true
|
||||||
+ProtectKernelLogs=true
|
+ProtectKernelLogs=true
|
||||||
|
@ -2,7 +2,7 @@ Index: e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_fail@.service.in
|
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_fail@.service.in
|
||||||
+++ e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
|
+++ e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
|
||||||
@@ -3,6 +3,18 @@ Description=Online ext4 Metadata Check F
|
@@ -3,6 +3,17 @@ Description=Online ext4 Metadata Check F
|
||||||
Documentation=man:e2scrub(8)
|
Documentation=man:e2scrub(8)
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
@ -11,7 +11,6 @@ Index: e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
|
|||||||
+ProtectSystem=full
|
+ProtectSystem=full
|
||||||
+ProtectHome=true
|
+ProtectHome=true
|
||||||
+ProtectHostname=true
|
+ProtectHostname=true
|
||||||
+ProtectClock=true
|
|
||||||
+ProtectKernelTunables=true
|
+ProtectKernelTunables=true
|
||||||
+ProtectKernelModules=true
|
+ProtectKernelModules=true
|
||||||
+ProtectKernelLogs=true
|
+ProtectKernelLogs=true
|
||||||
|
@ -2,14 +2,13 @@ Index: e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in
|
|||||||
===================================================================
|
===================================================================
|
||||||
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_reap.service.in
|
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_reap.service.in
|
||||||
+++ e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in
|
+++ e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in
|
||||||
@@ -11,6 +11,16 @@ PrivateNetwork=true
|
@@ -11,6 +11,15 @@ PrivateNetwork=true
|
||||||
ProtectSystem=true
|
ProtectSystem=true
|
||||||
ProtectHome=read-only
|
ProtectHome=read-only
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
+# added automatically, for details please see
|
+# added automatically, for details please see
|
||||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||||
+ProtectHostname=true
|
+ProtectHostname=true
|
||||||
+ProtectClock=true
|
|
||||||
+ProtectKernelTunables=true
|
+ProtectKernelTunables=true
|
||||||
+ProtectKernelModules=true
|
+ProtectKernelModules=true
|
||||||
+ProtectKernelLogs=true
|
+ProtectKernelLogs=true
|
||||||
|
Loading…
Reference in New Issue
Block a user