pool/usb_modeswitch
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 934995 from home:jsegitz:branches:systemdhardening:hardware

Browse Source 
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/934995
OBS-URL: https://build.opensuse.org/package/show/hardware/usb_modeswitch?expand=0&rev=81
This commit is contained in:
andrea florio 2022-02-15 10:22:08 +00:00 committed by Git OBS Bridge
parent e4f1b78e85
commit 75dc410eed
3 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
harden_usb_modeswitch@.service.patch Normal file
View File

@ -0,0 +1,22 @@
Index: usb-modeswitch-2.6.1/usb_modeswitch@.service
===================================================================
--- usb-modeswitch-2.6.1.orig/usb_modeswitch@.service
+++ usb-modeswitch-2.6.1/usb_modeswitch@.service
@@ -2,6 +2,17 @@
Description=USB_ModeSwitch_%i
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=oneshot
ExecStart=/usr/sbin/usb_modeswitch_dispatcher --switch-mode %i
# Testing

6
usb_modeswitch.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Nov 26 12:00:38 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_usb_modeswitch@.service.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 17 06:17:44 UTC 2020 - Dirk Mueller <dmueller@suse.com> Thu Sep 17 06:17:44 UTC 2020 - Dirk Mueller <dmueller@suse.com>

2
usb_modeswitch.spec
View File

@ -31,6 +31,7 @@ Source1: https://www.draisberghof.de/usb_modeswitch/%{source_name}-data-%
Source2: https://www.draisberghof.de/usb_modeswitch/device_reference.txt Source2: https://www.draisberghof.de/usb_modeswitch/device_reference.txt
Source3: https://www.draisberghof.de/usb_modeswitch/parameter_reference.txt Source3: https://www.draisberghof.de/usb_modeswitch/parameter_reference.txt
Patch1: usb_modeswitch-fix_fsf_address.patch Patch1: usb_modeswitch-fix_fsf_address.patch
Patch2: harden_usb_modeswitch@.service.patch
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: pkgconfig(libusb-1.0) BuildRequires: pkgconfig(libusb-1.0)
@ -59,6 +60,7 @@ Data files for usb_modeswitch package.
%prep %prep
%setup -q -a1 -n %{source_name}-%{version} %setup -q -a1 -n %{source_name}-%{version}
%patch1 %patch1
%patch2 -p1
cp %{SOURCE2} . cp %{SOURCE2} .
cp %{SOURCE3} . cp %{SOURCE3} .