- Adjust harden_squid.service.patch to resolve boo#1193938
OBS-URL: https://build.opensuse.org/package/show/server:proxy/squid?expand=0&rev=244
This commit is contained in:
parent
da562559a5
commit
c791b32bc9
@ -1,15 +1,14 @@
|
|||||||
Index: squid-5.2/tools/systemd/squid.service
|
Index: squid-5.3/tools/systemd/squid.service
|
||||||
===================================================================
|
===================================================================
|
||||||
--- squid-5.2.orig/tools/systemd/squid.service
|
--- squid-5.3.orig/tools/systemd/squid.service
|
||||||
+++ squid-5.2/tools/systemd/squid.service
|
+++ squid-5.3/tools/systemd/squid.service
|
||||||
@@ -11,6 +11,19 @@ Documentation=man:squid(8)
|
@@ -11,6 +11,18 @@ Documentation=man:squid(8)
|
||||||
After=network.target network-online.target nss-lookup.target
|
After=network.target network-online.target nss-lookup.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
+# added automatically, for details please see
|
+# added automatically, for details please see
|
||||||
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
||||||
+ProtectSystem=full
|
+ProtectSystem=full
|
||||||
+ProtectHome=true
|
|
||||||
+PrivateDevices=true
|
+PrivateDevices=true
|
||||||
+ProtectHostname=true
|
+ProtectHostname=true
|
||||||
+ProtectClock=true
|
+ProtectClock=true
|
||||||
@ -18,7 +17,7 @@ Index: squid-5.2/tools/systemd/squid.service
|
|||||||
+ProtectKernelLogs=true
|
+ProtectKernelLogs=true
|
||||||
+ProtectControlGroups=true
|
+ProtectControlGroups=true
|
||||||
+RestrictRealtime=true
|
+RestrictRealtime=true
|
||||||
+# end of automatic additions
|
+# end of automatic additions
|
||||||
Type=notify
|
Type=notify
|
||||||
PIDFile=/var/run/squid.pid
|
PIDFile=/var/run/squid.pid
|
||||||
ExecStartPre=/usr/sbin/squid --foreground -z
|
ExecStartPre=/usr/sbin/squid --foreground -z
|
||||||
|
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 22 14:03:32 UTC 2021 - Martin Pluskal <mpluskal@suse.com>
|
||||||
|
|
||||||
|
- Adjust harden_squid.service.patch to resolve boo#1193938
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Dec 11 09:36:41 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
Sat Dec 11 09:36:41 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
@ -69,15 +69,14 @@ BuildRequires: pkgconfig(tdb)
|
|||||||
Requires(pre): permissions
|
Requires(pre): permissions
|
||||||
Recommends: logrotate
|
Recommends: logrotate
|
||||||
Provides: http_proxy
|
Provides: http_proxy
|
||||||
%if 0%{suse_version} <= 1500
|
%{?systemd_ordering}
|
||||||
|
%if 0%{?suse_version} <= 1500
|
||||||
# due to package rename
|
# due to package rename
|
||||||
# Wed Aug 15 17:40:30 UTC 2012
|
# Wed Aug 15 17:40:30 UTC 2012
|
||||||
# remove this after SLE15
|
# remove this after SLE15
|
||||||
Provides: %{name}3 = %{version}
|
Provides: %{name}3 = %{version}
|
||||||
Obsoletes: %{name}3 < %{version}
|
Obsoletes: %{name}3 < %{version}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%{?systemd_ordering}
|
|
||||||
%if 0%{?suse_version} >= 1500
|
%if 0%{?suse_version} >= 1500
|
||||||
BuildRequires: sysuser-shadow
|
BuildRequires: sysuser-shadow
|
||||||
BuildRequires: sysuser-tools
|
BuildRequires: sysuser-tools
|
||||||
@ -236,7 +235,6 @@ make check %{?_smp_mflags}
|
|||||||
%if 0%{?suse_version} >= 1500
|
%if 0%{?suse_version} >= 1500
|
||||||
%pre -f squid.pre
|
%pre -f squid.pre
|
||||||
%else
|
%else
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
# we need this group for /usr/sbin/pinger
|
# we need this group for /usr/sbin/pinger
|
||||||
getent group %{name} >/dev/null || %{_sbindir}/groupadd -g 31 -r %{name}
|
getent group %{name} >/dev/null || %{_sbindir}/groupadd -g 31 -r %{name}
|
||||||
|
Loading…
Reference in New Issue
Block a user