From 21556098049106e71ce7481af3276270d15cca41c8cd263a91113e256a13462d Mon Sep 17 00:00:00 2001
From: Johannes Weberhofer <jweberhofer@weberhofer.at>
Date: Mon, 29 Aug 2022 13:07:53 +0000
Subject: [PATCH] Accepting request 998247 from
 home:crameleon:branches:network:telephony

Adjust hardening, README and license year

OBS-URL: https://build.opensuse.org/request/show/998247
OBS-URL: https://build.opensuse.org/package/show/network:telephony/coturn?expand=0&rev=22
---
 README.SUSE    | 7 ++++---
 coturn.changes | 5 +++++
 coturn.service | 2 +-
 coturn.spec    | 2 +-
 4 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/README.SUSE b/README.SUSE
index a3d0e15..2ee239e 100644
--- a/README.SUSE
+++ b/README.SUSE
@@ -1,12 +1,13 @@
 Configuration files:
-  * /etc/coturn/turnserver.conf is the mail configuration file
+  * /etc/coturn/turnserver.conf is the main configuration file
   * /etc/sysconfig/coturn can be used to set additional command line parameters
 
-To allow traffic going thru the firewall use
+Allow traffic through the firewall:
 ```
-firewall-cmd --zone=public --add-service=coturn [--permanent]
+firewall-cmd --zone=<zone> --add-service=coturn [--permanent]
 ```
 
+Notes:
 * /etc/syconfig/coturn has the option '--no-software-attribute' enabled to hide 
   the software version for production issue.
 
diff --git a/coturn.changes b/coturn.changes
index 5ec52f6..f2b5a29 100644
--- a/coturn.changes
+++ b/coturn.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Aug 19 19:25:35 UTC 2022 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
+
+- Drop @privileged SystemCallFilter, can prevent service from starting (status=31/SYS)
+
 -------------------------------------------------------------------
 Mon Oct 18 14:55:57 UTC 2021 - Michael Ströder <michael@stroeder.com>
 
diff --git a/coturn.service b/coturn.service
index b22e214..61e2790 100644
--- a/coturn.service
+++ b/coturn.service
@@ -49,7 +49,7 @@ RestrictSUIDSGID=yes
 RestrictRealtime=true
 # end of automatic additions 
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @debug @module @mount @raw-io @reboot @swap @privileged @resources @cpu-emulation @obsolete
+SystemCallFilter=~@clock @debug @module @mount @raw-io @reboot @swap @resources @cpu-emulation @obsolete
 
 [Install]
 WantedBy=multi-user.target
diff --git a/coturn.spec b/coturn.spec
index cdee087..b0e34ff 100644
--- a/coturn.spec
+++ b/coturn.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package coturn
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed