Accepting request 925452 from home:jsegitz:branches:systemdhardening_protectclock
- Drop ProtectClock hardening, can cause issues if other device acceess is needed OBS-URL: https://build.opensuse.org/request/show/925452 OBS-URL: https://build.opensuse.org/package/show/filesystems/e2fsprogs?expand=0&rev=145
This commit is contained in:
parent
c6068ea4ce
commit
9339024596
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 15 12:11:41 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
||||
|
||||
- Drop ProtectClock hardening, can cause issues if other device acceess is needed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 30 14:13:06 UTC 2021 - Jan Kara <jack@suse.cz>
|
||||
|
||||
|
@ -2,14 +2,13 @@ Index: e2fsprogs-1.46.4/scrub/e2scrub@.service.in
|
||||
===================================================================
|
||||
--- e2fsprogs-1.46.4.orig/scrub/e2scrub@.service.in
|
||||
+++ e2fsprogs-1.46.4/scrub/e2scrub@.service.in
|
||||
@@ -10,6 +10,15 @@ PrivateNetwork=true
|
||||
@@ -10,6 +10,14 @@ PrivateNetwork=true
|
||||
ProtectSystem=true
|
||||
ProtectHome=read-only
|
||||
PrivateTmp=yes
|
||||
+# added automatically, for details please see
|
||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||
+ProtectHostname=true
|
||||
+ProtectClock=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelLogs=true
|
||||
+ProtectControlGroups=true
|
||||
|
@ -2,7 +2,7 @@ Index: e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
|
||||
===================================================================
|
||||
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_all.service.in
|
||||
+++ e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
|
||||
@@ -6,6 +6,18 @@ ConditionCapability=CAP_SYS_RAWIO
|
||||
@@ -6,6 +6,17 @@ ConditionCapability=CAP_SYS_RAWIO
|
||||
Documentation=man:e2scrub_all(8)
|
||||
|
||||
[Service]
|
||||
@ -11,7 +11,6 @@ Index: e2fsprogs-1.46.3/scrub/e2scrub_all.service.in
|
||||
+ProtectSystem=full
|
||||
+ProtectHome=true
|
||||
+ProtectHostname=true
|
||||
+ProtectClock=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelModules=true
|
||||
+ProtectKernelLogs=true
|
||||
|
@ -2,7 +2,7 @@ Index: e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
|
||||
===================================================================
|
||||
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_fail@.service.in
|
||||
+++ e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
|
||||
@@ -3,6 +3,18 @@ Description=Online ext4 Metadata Check F
|
||||
@@ -3,6 +3,17 @@ Description=Online ext4 Metadata Check F
|
||||
Documentation=man:e2scrub(8)
|
||||
|
||||
[Service]
|
||||
@ -11,7 +11,6 @@ Index: e2fsprogs-1.46.3/scrub/e2scrub_fail@.service.in
|
||||
+ProtectSystem=full
|
||||
+ProtectHome=true
|
||||
+ProtectHostname=true
|
||||
+ProtectClock=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelModules=true
|
||||
+ProtectKernelLogs=true
|
||||
|
@ -2,14 +2,13 @@ Index: e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in
|
||||
===================================================================
|
||||
--- e2fsprogs-1.46.3.orig/scrub/e2scrub_reap.service.in
|
||||
+++ e2fsprogs-1.46.3/scrub/e2scrub_reap.service.in
|
||||
@@ -11,6 +11,16 @@ PrivateNetwork=true
|
||||
@@ -11,6 +11,15 @@ PrivateNetwork=true
|
||||
ProtectSystem=true
|
||||
ProtectHome=read-only
|
||||
PrivateTmp=yes
|
||||
+# added automatically, for details please see
|
||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||
+ProtectHostname=true
|
||||
+ProtectClock=true
|
||||
+ProtectKernelTunables=true
|
||||
+ProtectKernelModules=true
|
||||
+ProtectKernelLogs=true
|
||||
|
Loading…
Reference in New Issue
Block a user