commit mcstrans for openSUSE:Factory

Mon, 11 Oct 2021 06:30:58 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package mcstrans for openSUSE:Factory 
checked in at 2021-10-11 15:30:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mcstrans (Old)
 and      /work/SRC/openSUSE:Factory/.mcstrans.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mcstrans"

Mon Oct 11 15:30:26 2021 rev:27 rq:923536 version:3.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/mcstrans/mcstrans.changes        2021-03-24 
16:09:04.843695232 +0100
+++ /work/SRC/openSUSE:Factory/.mcstrans.new.2443/mcstrans.changes      
2021-10-11 15:30:40.410754186 +0200
@@ -1,0 +2,6 @@
+Wed Oct  6 11:59:35 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_mcstrans.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_mcstrans.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ mcstrans.spec ++++++
--- /var/tmp/diff_new_pack.w4H1wL/_old  2021-10-11 15:30:40.962755071 +0200
+++ /var/tmp/diff_new_pack.w4H1wL/_new  2021-10-11 15:30:40.966755078 +0200
@@ -26,6 +26,7 @@
 Source:         
https://github.com/SELinuxProject/selinux/releases/download/%{version}/%{name}-%{version}.tar.gz
 Patch0:         %{name}-writepid.patch
 Patch1:         add_includes.patch
+Patch2:        harden_mcstrans.service.patch
 BuildRequires:  aaa_base
 BuildRequires:  libcap-devel
 BuildRequires:  libselinux-devel >= 1.30.3
@@ -54,6 +55,7 @@
 %setup -q
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 export CFLAGS="%{optflags}"

++++++ harden_mcstrans.service.patch ++++++
Index: mcstrans-3.2/src/mcstrans.service
===================================================================
--- mcstrans-3.2.orig/src/mcstrans.service
+++ mcstrans-3.2/src/mcstrans.service
@@ -7,6 +7,16 @@ Before=shutdown.target sysinit.target
 Conflicts=shutdown.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 ExecStart=/sbin/mcstransd -f
 RuntimeDirectory=setrans

Reply via email to