Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package accountsservice for openSUSE:Factory
checked in at 2022-03-28 13:43:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/accountsservice (Old)
and /work/SRC/openSUSE:Factory/.accountsservice.new.1900 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "accountsservice"
Mon Mar 28 13:43:28 2022 rev:78 rq: version:22.04.62
Changes:
--------
--- /work/SRC/openSUSE:Factory/accountsservice/accountsservice.changes
2022-03-28 09:33:04.403014360 +0200
+++
/work/SRC/openSUSE:Factory/.accountsservice.new.1900/accountsservice.changes
2022-03-28 13:43:29.558541001 +0200
@@ -1,0 +2,9 @@
+Mon Mar 28 11:34:44 UTC 2022 - Dominique Leuenberger <[email protected]>
+
+- Add accountsservice-too-restrictive.patch: weaken upstreams
+ policy of accounts-daemon.service to be similar, but still
+ stricter, to what we had with harden-accounts-daemon.service.patch.
+ Attempt to workaround
+ https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102
+
+-------------------------------------------------------------------
New:
----
accountsservice-too-restrictive.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ accountsservice.spec ++++++
--- /var/tmp/diff_new_pack.a3KIlL/_old 2022-03-28 13:43:30.042541624 +0200
+++ /var/tmp/diff_new_pack.a3KIlL/_new 2022-03-28 13:43:30.050541635 +0200
@@ -28,6 +28,8 @@
# WARNING: do not remove/significantly change patch0 without updating the
relevant patch in gdm too
# PATCH-FIX-OPENSUSE accountsservice-sysconfig.patch bnc#688071
[email protected] -- Read/write autologin configuration from sysconfig, like
gdm (see gdm-sysconfig-settings.patch)
Patch1: accountsservice-sysconfig.patch
+# PATCH-FIX-UPSTREAM accountsservice-too-restrictive.patch
https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102 --
Allow NAMESPACE switching until upstream finds the right flag
+Patch2: accountsservice-too-restrictive.patch
## SLE and Leap only patches start at 1000
# PATCH-FEATURE-SLE as-fate318433-prevent-same-account-multi-logins.patch
fate#318433 [email protected] -- prevent multiple simultaneous login.
@@ -95,6 +97,7 @@
%prep
%setup -q
%patch1 -p1
+%patch2 -p1
# SLE and Leap patches start at 1000
%if 0%{?sle_version}
++++++ accountsservice-too-restrictive.patch ++++++
Index: accountsservice-22.04.62/data/accounts-daemon.service.in
===================================================================
--- accountsservice-22.04.62.orig/data/accounts-daemon.service.in
+++ accountsservice-22.04.62/data/accounts-daemon.service.in
@@ -18,7 +18,7 @@ Environment=GVFS_REMOTE_VOLUME_MONITOR_I
StateDirectory=AccountsService
StateDirectoryMode=0775
-ProtectSystem=strict
+ProtectSystem=false
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
@@ -33,7 +33,7 @@ PrivateUsers=false
RestrictAddressFamilies=AF_UNIX
SystemCallArchitectures=native
SystemCallFilter=~@mount
-RestrictNamespaces=true
+RestrictNamespaces=false
LockPersonality=true
MemoryDenyWriteExecute=true
RestrictRealtime=true
