- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):

* harden_spice-vdagentd.service.patch

OBS-URL: https://build.opensuse.org/package/show/Virtualization/spice-vdagent?expand=0&rev=47
Charles Arnold 2022-02-14 20:06:58 +00:00 committed by Git OBS Bridge
parent 24a8a8377c
commit e9323a2edf
3 changed files with 30 additions and 1 deletions

@ -0,0 +1,22 @@
Index: spice-vdagent-0.21.0/data/spice-vdagentd.service
===================================================================
--- spice-vdagent-0.21.0.orig/data/spice-vdagentd.service
+++ spice-vdagent-0.21.0/data/spice-vdagentd.service
@@ -9,6 +9,17 @@ EnvironmentFile=-/etc/sysconfig/spice-vd
ExecStart=/usr/sbin/spice-vdagentd $SPICE_VDAGENTD_EXTRA_ARGS
PIDFile=/run/spice-vdagentd/spice-vdagentd.pid
PrivateTmp=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Restart=on-failure
[Install]
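Review bot: The directives inserted between `PrivateTmp=true` and `Restart=on-failure` are marked "added automatically", and nothing in the patch records that the daemon was exercised under them. `ProtectSystem=full` and `ProtectHome=true` change which paths the `ExecStart` binary can write or see; the `PIDFile` under /run stays writable, but any other path the daemon touches should be checked before this ships. Suggest adding a short header above the `Index:` line with the bsc#1181400 reference and the test result, and attaching the output of `systemd-analyze security spice-vdagentd.service` so the remaining exposure is visible.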

@ -8,6 +8,12 @@ Fri Feb 11 11:25:16 MST 2022 - carnold@suse.com
* !37 - Provide systemd spice-vdagent.service
Do not process X11 events in vdagent_x11_create
-------------------------------------------------------------------
Thu Dec 16 16:05:34 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_spice-vdagentd.service.patch
-------------------------------------------------------------------
Fri Jan 15 16:51:11 UTC 2021 - Bruce Rogers <brogers@suse.com>

@ -28,8 +28,8 @@ License: GPL-3.0-or-later
Group: System/Daemons
URL: http://spice-space.org/
Source: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2
###Source1: http://spice-space.org/download/releases/%{name}-%{version}.tar.bz2.sig
Source2: %{name}.keyring
Patch0: harden_spice-vdagentd.service.patch
BuildRequires: alsa-devel >= 1.0.22
BuildRequires: desktop-file-utils
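Review bot: In the source list above `Patch0`, the `.sig` entry is commented out (`###Source1`) while `Source2: %{name}.keyring` is kept, so the keyring has no signature to check and the tarball named in `Source:` (an http URL) is taken unverified. If upstream publishes a signature for this release, restore it as `Source1` so the keyring is actually used. Separately, `Patch0` carries no comment saying what the patch is for; a one-line comment above it with the bsc#1181400 reference would make the spec self-explanatory.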
@ -65,6 +65,7 @@ Features:
%prep
%setup -q
%patch0 -p1
%build
autoreconf