Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package nvme-cli for openSUSE:Factory checked in at 2021-10-16 22:47:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/nvme-cli (Old)
 and /work/SRC/openSUSE:Factory/.nvme-cli.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nvme-cli" Sat Oct 16 22:47:04 2021 rev:45 rq:925485 version:1.15 Changes: -------- --- /work/SRC/openSUSE:Factory/nvme-cli/nvme-cli.changes 2021-08-25 20:57:04.577250354 +0200 +++ /work/SRC/openSUSE:Factory/.nvme-cli.new.1890/nvme-cli.changes 2021-10-16 22:47:29.268684212 +0200 @@ -1,0 +2,11 @@ +Fri Oct 15 12:12:46 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Drop ProtectClock hardening, can cause issues if other device acceess is needed + +------------------------------------------------------------------- +Tue Oct 12 11:40:48 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_nvmf-connect@.service.patch + +------------------------------------------------------------------- New: ---- harden_nvmf-connect@.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nvme-cli.spec ++++++ --- /var/tmp/diff_new_pack.wI7mNE/_old 2021-10-16 22:47:31.380685992 +0200 +++ /var/tmp/diff_new_pack.wI7mNE/_new 2021-10-16 22:47:31.380685992 +0200 @@ -27,6 +27,7 @@ Source2: nvme-cli-rpmlintrc # downstream patches: Patch102: 0102-nvme-cli-Add-script-to-determine-host-NQN.patch +Patch103: harden_nvmf-connect@.service.patch BuildRequires: libhugetlbfs-devel BuildRequires: libuuid-devel BuildRequires: pkgconfig @@ -65,6 +66,7 @@ %prep %setup -q %patch102 -p1 +%patch103 -p1 %build echo %{version} > version ++++++ harden_nvmf-connect@.service.patch ++++++ Index: nvme-cli-1.15/nvmf-autoconnect/systemd/nvmf-connect@.service =================================================================== --- nvme-cli-1.15.orig/nvmf-autoconnect/systemd/nvmf-connect@.service +++ nvme-cli-1.15/nvmf-autoconnect/systemd/nvmf-connect@.service 
@@ -9,6 +9,17 @@ PartOf=nvmf-connect.target Requires=nvmf-connect.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple Environment="CONNECT_ARGS=%i" ExecStart=/bin/sh -c "nvme connect-all --matching --quiet `/bin/echo -e '${CONNECT_ARGS}'`"
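Review bot: In the nvme-cli.changes hunk, the 15 Oct entry misspells "access" as "acceess" and does not say which device access ProtectClock interfered with. Suggest fixing the spelling and naming the failing case or a bug reference, as the 12 Oct entry does with bsc#1181400, so that a later hardening pass can tell whether the restriction is safe to restore.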
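Review bot: In the [Service] hunk of harden_nvmf-connect@.service.patch, the block is labelled "added automatically", yet the changelog says ProtectClock was dropped from it by hand, and nothing in the unit records that. Suggest a comment line inside the block, for example "# ProtectClock intentionally omitted, can cause issues if other device access is needed", so that a re-run of the automatic hardening does not put it back. It would also help to state in the changelog that the remaining directives, in particular ProtectKernelModules=true and ProtectKernelTunables=true, were tested against the unchanged ExecStart line, since "nvme connect-all" is the only command this unit runs and is where the same kind of breakage would surface.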