pool/accountsservice
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 908802 from home:jsegitz:branches:systemdhardening:GNOME:Factory

Browse Source 
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/908802
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/accountsservice?expand=0&rev=146
This commit is contained in:
Dominique Leuenberger 2021-07-28 08:20:17 +00:00 committed by Git OBS Bridge
parent 90bec468ee
commit 18f7ea47ba
3 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
accountsservice.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Jul 27 11:53:56 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s). Added patch(es):
* harden_accounts-daemon.service.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Mar 2 21:05:33 UTC 2021 - Antoine Belvire <antoine.belvire@opensuse.org> Tue Mar 2 21:05:33 UTC 2021 - Antoine Belvire <antoine.belvire@opensuse.org>

2
accountsservice.spec
View File

@ -40,6 +40,7 @@ Patch4: accountsservice-fix-gdm-crash.patch
## SLE and Leap only patches start at 1000 ## SLE and Leap only patches start at 1000
# PATCH-FEATURE-SLE as-fate318433-prevent-same-account-multi-logins.patch fate#318433 cxiong@suse.com -- prevent multiple simultaneous login. # PATCH-FEATURE-SLE as-fate318433-prevent-same-account-multi-logins.patch fate#318433 cxiong@suse.com -- prevent multiple simultaneous login.
Patch1000: as-fate318433-prevent-same-account-multi-logins.patch Patch1000: as-fate318433-prevent-same-account-multi-logins.patch
Patch1001: harden_accounts-daemon.service.patch
BuildRequires: gtk-doc BuildRequires: gtk-doc
BuildRequires: meson BuildRequires: meson
@ -103,6 +104,7 @@ querying and manipulating user account information.
%patch2 -p1 %patch2 -p1
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch1001 -p1
# SLE and Leap patches start at 1000 # SLE and Leap patches start at 1000
%if 0%{?sle_version} %if 0%{?sle_version}

21
harden_accounts-daemon.service.patch Normal file
View File

@ -0,0 +1,21 @@
Index: accountsservice-0.6.55/data/accounts-daemon.service.in
===================================================================
--- accountsservice-0.6.55.orig/data/accounts-daemon.service.in
+++ accountsservice-0.6.55/data/accounts-daemon.service.in
@@ -8,6 +8,16 @@ After=nss-user-lookup.target
Wants=nss-user-lookup.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
Type=dbus
BusName=org.freedesktop.Accounts
ExecStart=@libexecdir@/accounts-daemon