Accepting request 925461 from home:jsegitz:branches:systemdhardening_protectclock

- Drop ProtectClock hardening, can cause issues if other device acceess is needed OBS-URL: https://build.opensuse.org/request/show/925461 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement/ipmiutil?expand=0&rev=44
2021-10-16 09:37:37 +00:00 · 2021-10-16 09:37:37 +00:00 · d3f84bf279
commit d3f84bf279
parent 4d8d81d479
5 changed files with 9 additions and 8 deletions
--- a/harden_ipmi_port.service.patch
+++ b/harden_ipmi_port.service.patch
@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmi_port.service
 ===================================================================
 --- ipmiutil-3.1.7.orig/scripts/ipmi_port.service
 +++ ipmiutil-3.1.7/scripts/ipmi_port.service
-@@ -3,6 +3,18 @@ Description=ipmiutil ipmi_port service
+@@ -3,6 +3,17 @@ Description=ipmiutil ipmi_port service
 After=network.target
 
 [Service]
@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmi_port.service
 +ProtectSystem=full
 +ProtectHome=true
 +ProtectHostname=true
-+ProtectClock=true
 +ProtectKernelTunables=true
 +ProtectKernelModules=true
 +ProtectKernelLogs=true
--- a/harden_ipmiutil_asy.service.patch
+++ b/harden_ipmiutil_asy.service.patch
@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_asy.service
 ===================================================================
 --- ipmiutil-3.1.7.orig/scripts/ipmiutil_asy.service
 +++ ipmiutil-3.1.7/scripts/ipmiutil_asy.service
-@@ -3,6 +3,18 @@ Description=ipmiutil Async Bridge Agent
+@@ -3,6 +3,17 @@ Description=ipmiutil Async Bridge Agent
 After=network.target
 
 [Service]
@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_asy.service
 +ProtectSystem=full
 +ProtectHome=true
 +ProtectHostname=true
-+ProtectClock=true
 +ProtectKernelTunables=true
 +ProtectKernelModules=true
 +ProtectKernelLogs=true
--- a/harden_ipmiutil_evt.service.patch
+++ b/harden_ipmiutil_evt.service.patch
@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_evt.service
 ===================================================================
 --- ipmiutil-3.1.7.orig/scripts/ipmiutil_evt.service
 +++ ipmiutil-3.1.7/scripts/ipmiutil_evt.service
-@@ -3,6 +3,18 @@ Description=ipmiutil Event Daemon
+@@ -3,6 +3,17 @@ Description=ipmiutil Event Daemon
 After=network.target
 
 [Service]
@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_evt.service
 +ProtectSystem=full
 +ProtectHome=true
 +ProtectHostname=true
-+ProtectClock=true
 +ProtectKernelTunables=true
 +ProtectKernelModules=true
 +ProtectKernelLogs=true
--- a/harden_ipmiutil_wdt.service.patch
+++ b/harden_ipmiutil_wdt.service.patch
@ -2,7 +2,7 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_wdt.service
 ===================================================================
 --- ipmiutil-3.1.7.orig/scripts/ipmiutil_wdt.service
 +++ ipmiutil-3.1.7/scripts/ipmiutil_wdt.service
-@@ -3,6 +3,18 @@ Description=ipmiutil Watchdog Timer Serv
+@@ -3,6 +3,17 @@ Description=ipmiutil Watchdog Timer Serv
 After=network.target
 
 [Service]
@ -11,7 +11,6 @@ Index: ipmiutil-3.1.7/scripts/ipmiutil_wdt.service
 +ProtectSystem=full
 +ProtectHome=true
 +ProtectHostname=true
-+ProtectClock=true
 +ProtectKernelTunables=true
 +ProtectKernelModules=true
 +ProtectKernelLogs=true
--- a/ipmiutil.changes
+++ b/ipmiutil.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Oct 15 12:12:08 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Drop ProtectClock hardening, can cause issues if other device acceess is needed
+
 -------------------------------------------------------------------
 Wed Sep 22 14:47:30 UTC 2021 - Johannes Segitz <jsegitz@suse.com>