Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package tpm2.0-abrmd for openSUSE:Factory checked in at 2021-12-01 20:46:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tpm2.0-abrmd (Old)
 and      /work/SRC/openSUSE:Factory/.tpm2.0-abrmd.new.31177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tpm2.0-abrmd" Wed Dec 1 20:46:21 2021 rev:20 rq:934685 version:2.4.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tpm2.0-abrmd/tpm2.0-abrmd.changes 2021-08-02 12:04:24.405664495 +0200 +++ /work/SRC/openSUSE:Factory/.tpm2.0-abrmd.new.31177/tpm2.0-abrmd.changes 2021-12-02 02:27:44.480091791 +0100 @@ -1,0 +2,6 @@ +Thu Nov 25 09:16:32 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_tpm2-abrmd.service.patch + +------------------------------------------------------------------- New: ---- harden_tpm2-abrmd.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tpm2.0-abrmd.spec ++++++ --- /var/tmp/diff_new_pack.eCuOLB/_old 2021-12-02 02:27:44.928090245 +0100 +++ /var/tmp/diff_new_pack.eCuOLB/_new 2021-12-02 02:27:44.932090231 +0100 @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # + %global selinuxtype targeted %global modulename tabrmd Name: tpm2.0-abrmd @@ -26,6 +27,7 @@ URL: https://github.com/tpm2-software/tpm2-abrmd Source0: https://github.com/tpm2-software/tpm2-abrmd/releases/download/%{version}/tpm2-abrmd-%{version}.tar.gz Source1: tpm2.0-abrmd.rpmlintrc +Patch0: harden_tpm2-abrmd.service.patch BuildRequires: autoconf-archive BuildRequires: automake BuildRequires: checkpolicy @@ -33,11 +35,11 @@ BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: policycoreutils +BuildRequires: selinux-policy-devel BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(gio-unix-2.0) BuildRequires: pkgconfig(tss2-sys) -BuildRequires: selinux-policy-devel # due to %%selinux_requires BuildRequires: pkgconfig(systemd) # 
@@ -90,7 +92,7 @@ %postun -n libtss2-tcti-tabrmd0 -p /sbin/ldconfig %prep -%autosetup -n tpm2-abrmd-%{version} +%autosetup -n tpm2-abrmd-%{version} -p1 %build export CFLAGS="%{optflags} -fPIE" ++++++ harden_tpm2-abrmd.service.patch ++++++ Index: tpm2-abrmd-2.4.0/dist/tpm2-abrmd.service.in =================================================================== --- tpm2-abrmd-2.4.0.orig/dist/tpm2-abrmd.service.in +++ tpm2-abrmd-2.4.0/dist/tpm2-abrmd.service.in @@ -6,6 +6,17 @@ After=dev-tpm0.device Requires=dev-tpm0.device [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=read-only +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=dbus BusName=com.intel.tss2.Tabrmd ExecStart=@SBINDIR@/tpm2-abrmd
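Review bot: in the tpm2.0-abrmd.spec hunk at @@ -26,6 +27,7 @@, the new `Patch0: harden_tpm2-abrmd.service.patch` line has no comment saying where the patch comes from or why it is carried. A one-line comment above it, for example `# PATCH-FIX-OPENSUSE harden_tpm2-abrmd.service.patch bsc#1181400 -- systemd hardening`, would keep the bug reference next to the patch instead of only in the .changes entry.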
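Review bot: in harden_tpm2-abrmd.service.patch (dist/tpm2-abrmd.service.in, @@ -6,6 +6,17 @@), `ProtectHome=read-only` still leaves /home, /root and /run/user readable by the daemon, and nothing in the visible unit (`Type=dbus`, `ExecStart=@SBINDIR@/tpm2-abrmd`) shows a need for that; `ProtectHome=true` would be the tighter setting if the daemon works with it. The added block also leaves device access unrestricted although the unit is tied to a single device through `Requires=dev-tpm0.device`; `DevicePolicy=closed` together with `DeviceAllow=/dev/tpm0 rw` would be worth testing as a follow-up, since `PrivateDevices=` is not usable for a service that has to open the TPM node. The comment says the lines were added automatically, so please confirm the daemon was started and exercised with this unit before it is accepted.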
