diff --git a/iodine.changes b/iodine.changes index de77d68..52d00aa 100644 --- a/iodine.changes +++ b/iodine.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Sun Sep 3 14:31:36 UTC 2023 - malcolmlewis@opensuse.org + +- Comment out ProtectClock in hardening, (boo#1206835). Modified: + * iodine.service. + * iodined.service. + ------------------------------------------------------------------- Wed Sep 22 14:45:53 UTC 2021 - Johannes Segitz diff --git a/iodine.service b/iodine.service index ec03160..4f49176 100644 --- a/iodine.service +++ b/iodine.service @@ -1,6 +1,6 @@ # /lib/systemd/system/iodine.service # -# Copyright (c) 2012 Malcolm J Lewis +# Copyright (c) 2012-2023 Malcolm J Lewis # [Unit] @@ -14,7 +14,7 @@ ProtectSystem=full ProtectHome=true PrivateDevices=true ProtectHostname=true -ProtectClock=true +# ProtectClock=true see boo#1206835 ProtectKernelTunables=true ProtectKernelModules=true ProtectKernelLogs=true @@ -31,4 +31,4 @@ RestartSec=0 KillSignal=SIGHUP [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target diff --git a/iodine.spec b/iodine.spec index 03dd6b4..d513973 100644 --- a/iodine.spec +++ b/iodine.spec @@ -1,7 +1,7 @@ # # spec file for package iodine # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # Copyright (c) 2012 Malcolm J Lewis # # All modifications and additions to the file contributed by third parties diff --git a/iodined.service b/iodined.service index fbc5da8..5f4fde2 100644 --- a/iodined.service +++ b/iodined.service @@ -1,6 +1,6 @@ # /lib/systemd/system/iodined.service # -# Copyright (c) 2012 Malcolm J Lewis +# Copyright (c) 2012-2023 Malcolm J Lewis # [Unit] @@ -14,7 +14,7 @@ ProtectSystem=full ProtectHome=true PrivateDevices=true ProtectHostname=true -ProtectClock=true +# ProtectClock=true see boo#1206835 ProtectKernelTunables=true ProtectKernelModules=true ProtectKernelLogs=true