Accepting request 934178 from Base:System

OBS-URL: https://build.opensuse.org/request/show/934178 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hostapd?expand=0&rev=45
2021-11-29 16:28:28 +00:00 · 2021-11-29 16:28:28 +00:00 · 62e15b2a7c
commit 62e15b2a7c
parent 30352b57d0 928e3f9dd7
3 changed files with 24 additions and 1 deletions
--- a/apparmor-usr.sbin.hostapd
+++ b/apparmor-usr.sbin.hostapd
@ -17,7 +17,7 @@ profile hostapd /usr/sbin/hostapd {

  # grant read access to config files
  /etc/hostapd.* r,
-
+  /etc/ssl/openssl.cnf r,
  /etc/libnl/classid r,

  @{PROC}/sys/net/ipv*/conf/*/arp_accept w,
--- a/hostapd.changes
+++ b/hostapd.changes
@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Nov 26 20:52:19 UTC 2021 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>
+
+- Fix AppArmor profile -- allow access to /etc/ssl/openssl.cnf
+  (bsc#1192959)
+
+-------------------------------------------------------------------
+Fri Oct 15 07:29:27 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * hostapd.service
+
 -------------------------------------------------------------------
 Wed Jul 14 08:41:42 UTC 2021 - Michael Ströder <michael@stroeder.com>

--- a/hostapd.service
+++ b/hostapd.service
@ -3,6 +3,17 @@ Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticato
 After=network.target

 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 ExecStart=/usr/sbin/hostapd /etc/hostapd.conf 
 ExecReload=/bin/kill -HUP $MAINPID