Accepting request 925462 from home:jsegitz:branches:systemdhardening_protectclock

- Drop ProtectClock hardening, can cause issues if other device acceess is needed OBS-URL: https://build.opensuse.org/request/show/925462 OBS-URL: https://build.opensuse.org/package/show/network:utilities/iputils?expand=0&rev=98
2021-10-15 14:18:45 +00:00 · 2021-10-15 14:18:45 +00:00 · 83784f207b
commit 83784f207b
parent 1df0aacc1c
2 changed files with 6 additions and 2 deletions
--- a/harden_rdisc.service.patch
+++ b/harden_rdisc.service.patch
@ -2,14 +2,13 @@ Index: iputils-20210722/systemd/rdisc.service.in
 ===================================================================
 --- iputils-20210722.orig/systemd/rdisc.service.in
 +++ iputils-20210722/systemd/rdisc.service.in
-@@ -20,6 +20,12 @@ ProtectKernelModules=yes
+@@ -20,6 +20,11 @@ ProtectKernelModules=yes
 MemoryDenyWriteExecute=yes
 RestrictRealtime=yes
 RestrictNamespaces=yes
 +# added automatically, for details please see
 +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
 +ProtectHostname=true
-+ProtectClock=true
 +ProtectKernelLogs=true
 +# end of automatic additions 
 SystemCallArchitectures=native
--- a/iputils.changes
+++ b/iputils.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Oct 15 12:12:11 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Drop ProtectClock hardening, can cause issues if other device acceess is needed
+
 -------------------------------------------------------------------
 Wed Sep 22 14:49:53 UTC 2021 - Johannes Segitz <jsegitz@suse.com>