pool/at
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 961981 from home:dspinella:branches:Base:System

Browse Source 
- Drop systemd hardening as it breaks some jobs, fixes bsc#1196219
  * Remove harden_atd.service.patch

OBS-URL: https://build.opensuse.org/request/show/961981
OBS-URL: https://build.opensuse.org/package/show/Base:System/at?expand=0&rev=122
This commit is contained in:
Danilo Spinella 2022-03-15 17:53:35 +00:00 committed by Git OBS Bridge
parent cbc8544d9f
commit dd41cdc49d
4 changed files with 6 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
at.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Tue Mar 15 17:51:31 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Drop systemd hardening as it breaks some jobs, fixes bsc#1196219
* Remove harden_atd.service.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 22 16:24:52 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com> Tue Feb 22 16:24:52 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>

1
at.spec
View File

@ -47,7 +47,6 @@ Patch24: at-backport-old-privs.patch
Patch28: at-adjust_load_to_cpu_count.patch Patch28: at-adjust_load_to_cpu_count.patch
# PATCH-FIX-UPSTREAM bnc#945124 kstreitova@suse.com -- don't loop on corrupt files and prevent their creation # PATCH-FIX-UPSTREAM bnc#945124 kstreitova@suse.com -- don't loop on corrupt files and prevent their creation
Patch29: at-3.1.16-handle_malformed_jobs.patch Patch29: at-3.1.16-handle_malformed_jobs.patch
Patch30: harden_atd.service.patch
BuildRequires: autoconf >= 2.69 BuildRequires: autoconf >= 2.69
BuildRequires: automake BuildRequires: automake
BuildRequires: bison BuildRequires: bison

11
atd.service
View File

@ -3,17 +3,6 @@ Description=Deferred execution scheduler
After=nss-user-lookup.target time-sync.target After=nss-user-lookup.target time-sync.target
[Service] [Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
ExecStart=/usr/sbin/atd -f ExecStart=/usr/sbin/atd -f
[Install] [Install]

22
harden_atd.service.patch
View File

@ -1,22 +0,0 @@
Index: at-3.2.4/atd.service.in
===================================================================
--- at-3.2.4.orig/atd.service.in
+++ at-3.2.4/atd.service.in
@@ -4,6 +4,17 @@ Documentation=man:atd(8)
After=remote-fs.target nss-user-lookup.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
ExecStartPre=-find @atjobdir@ -type f -name "=*" -not -newercc /run/systemd -delete
ExecStart=@sbindir@/atd -f
IgnoreSIGPIPE=false