From a3c5dd1800a93ab688359d81b2f6fb2ffa65969125238d486b2d08cace55ee19 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Thu, 28 Oct 2021 12:17:47 +0000 Subject: [PATCH] Accepting request 927939 from home:tiwai:branches:multimedia:libs - Revert the previous change, as it turned out to be broken; Drop harden_pulseaudio.service.patch OBS-URL: https://build.opensuse.org/request/show/927939 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/pulseaudio?expand=0&rev=246 --- harden_pulseaudio.service.patch | 24 ------------------------ pulseaudio.changes | 6 ++++++ pulseaudio.service | 13 ------------- pulseaudio.spec | 2 -- 4 files changed, 6 insertions(+), 39 deletions(-) delete mode 100644 harden_pulseaudio.service.patch diff --git a/harden_pulseaudio.service.patch b/harden_pulseaudio.service.patch deleted file mode 100644 index 4683b58..0000000 --- a/harden_pulseaudio.service.patch +++ /dev/null @@ -1,24 +0,0 @@ -Index: pulseaudio-15.0/src/daemon/systemd/user/pulseaudio.service.in -=================================================================== ---- pulseaudio-15.0.orig/src/daemon/systemd/user/pulseaudio.service.in -+++ pulseaudio-15.0/src/daemon/systemd/user/pulseaudio.service.in -@@ -23,6 +23,19 @@ MemoryDenyWriteExecute=yes - NoNewPrivileges=yes - Restart=on-failure - RestrictNamespaces=yes -+# added automatically, for details please see -+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort -+ProtectSystem=full -+ProtectHome=read-only -+PrivateDevices=true -+ProtectHostname=true -+ProtectClock=true -+ProtectKernelTunables=true -+ProtectKernelModules=true -+ProtectKernelLogs=true -+ProtectControlGroups=true -+RestrictRealtime=true -+# end of automatic additions - SystemCallArchitectures=native - SystemCallFilter=@system-service - # Note that notify will only work if --daemonize=no diff --git a/pulseaudio.changes b/pulseaudio.changes index 1ca4f74..4a619f1 100644 --- a/pulseaudio.changes +++ b/pulseaudio.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Oct 28 14:14:55 CEST 2021 - tiwai@suse.de + +- Revert the previous change, as it turned out to be broken; + Drop harden_pulseaudio.service.patch + ------------------------------------------------------------------- Wed Oct 20 14:37:33 UTC 2021 - Johannes Segitz diff --git a/pulseaudio.service b/pulseaudio.service index 0685f27..be0439a 100644 --- a/pulseaudio.service +++ b/pulseaudio.service @@ -3,19 +3,6 @@ Description=System wide PulseAudio instance After=syslog.target network.target alsasound.service [Service] -# added automatically, for details please see -# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort -ProtectSystem=full -ProtectHome=read-only -PrivateDevices=true -ProtectHostname=true -ProtectClock=true -ProtectKernelTunables=true -ProtectKernelModules=true -ProtectKernelLogs=true -ProtectControlGroups=true -RestrictRealtime=true -# end of automatic additions Type=simple Restart=always ExecStart=/usr/bin/pulseaudio --system --log-target=journal diff --git a/pulseaudio.spec b/pulseaudio.spec index 38ced8d..4cb0b13 100644 --- a/pulseaudio.spec +++ b/pulseaudio.spec @@ -53,7 +53,6 @@ Patch1: suppress-socket-error-msg.diff Patch5: qpaeq-shebang.patch # PATCH-FIX-OPENSUSE Workaround for old systemd on Leap 15.x Patch6: pulseaudio-old-systemd-workaround.patch -Patch7: harden_pulseaudio.service.patch BuildRequires: alsa-devel >= 1.0.19 BuildRequires: bluez-devel >= 5 BuildRequires: fdupes @@ -335,7 +334,6 @@ System user for PulseAudio %if 0%{?suse_version} < 1550 %patch6 -p1 %endif -%patch7 -p1 %build %meson \