From 83784f207b62ce86fc2db38b73545cb80af24c5432b06767ee04672842b727c8 Mon Sep 17 00:00:00 2001
From: Petr Vorel <petr.vorel@gmail.com>
Date: Fri, 15 Oct 2021 14:18:45 +0000
Subject: [PATCH] Accepting request 925462 from
 home:jsegitz:branches:systemdhardening_protectclock

- Drop ProtectClock hardening, can cause issues if other device acceess is needed

OBS-URL: https://build.opensuse.org/request/show/925462
OBS-URL: https://build.opensuse.org/package/show/network:utilities/iputils?expand=0&rev=98
---
 harden_rdisc.service.patch | 3 +--
 iputils.changes            | 5 +++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/harden_rdisc.service.patch b/harden_rdisc.service.patch
index a5e72c0..910ded1 100644
--- a/harden_rdisc.service.patch
+++ b/harden_rdisc.service.patch
@@ -2,14 +2,13 @@ Index: iputils-20210722/systemd/rdisc.service.in
 ===================================================================
 --- iputils-20210722.orig/systemd/rdisc.service.in
 +++ iputils-20210722/systemd/rdisc.service.in
-@@ -20,6 +20,12 @@ ProtectKernelModules=yes
+@@ -20,6 +20,11 @@ ProtectKernelModules=yes
  MemoryDenyWriteExecute=yes
  RestrictRealtime=yes
  RestrictNamespaces=yes
 +# added automatically, for details please see
 +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
 +ProtectHostname=true
-+ProtectClock=true
 +ProtectKernelLogs=true
 +# end of automatic additions 
  SystemCallArchitectures=native
diff --git a/iputils.changes b/iputils.changes
index ac33500..a58d3e0 100644
--- a/iputils.changes
+++ b/iputils.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Oct 15 12:12:11 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Drop ProtectClock hardening, can cause issues if other device acceess is needed
+
 -------------------------------------------------------------------
 Wed Sep 22 14:49:53 UTC 2021 - Johannes Segitz <jsegitz@suse.com>