From 84afc138685d73fa3b37f6fa4572c4404117e81430ba558e8a8bd1c87dc7834e Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Mon, 17 Jan 2022 10:41:14 +0000 Subject: [PATCH 1/2] Accepting request 946765 from home:gmbr3:Active - Add now working CONFIG parameter to sysusers generator OBS-URL: https://build.opensuse.org/request/show/946765 OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=238 --- dhcp.changes | 5 +++++ dhcp.spec | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/dhcp.changes b/dhcp.changes index 78a29be..bbdcd5b 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Jan 14 13:19:38 UTC 2022 - Callum Farmer + +- Add now working CONFIG parameter to sysusers generator + ------------------------------------------------------------------- Tue Oct 26 11:58:59 UTC 2021 - Reinhard Max diff --git a/dhcp.spec b/dhcp.spec index fe58d6f..eaa671f 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -274,7 +274,7 @@ cat bind/install.log : building dhcp sources %make_build %if %{with sysusers} -%sysusers_generate_pre %{SOURCE47} dhcp-server +%sysusers_generate_pre %{SOURCE47} dhcp-server dhcp-user.conf %endif %check From 92a09ecba6935d13a70cdd091eb0e599b44b50e9eeadaad3354e16afee4d143f Mon Sep 17 00:00:00 2001 From: Reinhard Max Date: Mon, 17 Jan 2022 10:42:10 +0000 Subject: [PATCH 2/2] Accepting request 946921 from home:jsegitz:branches:network:dhcp - Drop PrivateDevices and ProtectClock hardenings. They clash with the chroot logic (bsc#1194722) OBS-URL: https://build.opensuse.org/request/show/946921 OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=239 --- dhcp.changes | 6 ++++++ dhcp.spec | 2 +- dhcpd.service | 2 -- dhcpd6.service | 2 -- dhcrelay.service | 2 -- dhcrelay6.service | 2 -- 6 files changed, 7 insertions(+), 9 deletions(-) diff --git a/dhcp.changes b/dhcp.changes index bbdcd5b..859b46e 100644 --- a/dhcp.changes +++ b/dhcp.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Jan 17 08:52:07 UTC 2022 - Johannes Segitz + +- Drop PrivateDevices and ProtectClock hardenings. They clash with + the chroot logic (bsc#1194722) + ------------------------------------------------------------------- Fri Jan 14 13:19:38 UTC 2022 - Callum Farmer diff --git a/dhcp.spec b/dhcp.spec index eaa671f..92d84df 100644 --- a/dhcp.spec +++ b/dhcp.spec @@ -1,7 +1,7 @@ # # spec file for package dhcp # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/dhcpd.service b/dhcpd.service index 40d7365..9663af2 100644 --- a/dhcpd.service +++ b/dhcpd.service @@ -8,8 +8,6 @@ After=remote-fs.target network.target nss-lookup.target time-sync.target slapd.s # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ProtectSystem=full ProtectHome=true -PrivateDevices=true -ProtectClock=true ProtectKernelTunables=true ProtectKernelModules=true ProtectKernelLogs=true diff --git a/dhcpd6.service b/dhcpd6.service index af974cd..2370a2b 100644 --- a/dhcpd6.service +++ b/dhcpd6.service @@ -8,8 +8,6 @@ After=remote-fs.target network.target nss-lookup.target time-sync.target slapd.s # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ProtectSystem=full ProtectHome=true -PrivateDevices=true -ProtectClock=true ProtectKernelTunables=true ProtectKernelModules=true ProtectKernelLogs=true diff --git a/dhcrelay.service b/dhcrelay.service index ba77767..6b0af82 100644 --- a/dhcrelay.service +++ b/dhcrelay.service @@ -8,8 +8,6 @@ After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.se # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ProtectSystem=full ProtectHome=true -PrivateDevices=true -ProtectClock=true ProtectKernelTunables=true ProtectKernelModules=true ProtectKernelLogs=true diff --git a/dhcrelay6.service b/dhcrelay6.service index f3f5dba..cb77590 100644 --- a/dhcrelay6.service +++ b/dhcrelay6.service @@ -8,8 +8,6 @@ After=remote-fs.target network.target nss-lookup.target time-sync.target ldap.se # https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ProtectSystem=full ProtectHome=true -PrivateDevices=true -ProtectClock=true ProtectKernelTunables=true ProtectKernelModules=true ProtectKernelLogs=true