Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package usbmuxd for openSUSE:Factory checked in at 2022-02-17 23:40:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/usbmuxd (Old)
 and /work/SRC/openSUSE:Factory/.usbmuxd.new.1958 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "usbmuxd" Thu Feb 17 23:40:28 2022 rev:35 rq:955646 version:1.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/usbmuxd/usbmuxd.changes 2021-04-27 21:35:24.836058036 +0200 +++ /work/SRC/openSUSE:Factory/.usbmuxd.new.1958/usbmuxd.changes 2022-02-17 23:42:12.519700079 +0100 @@ -1,0 +2,6 @@ +Fri Nov 26 12:27:59 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_usbmuxd.service.patch + +------------------------------------------------------------------- New: ---- harden_usbmuxd.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ usbmuxd.spec ++++++ --- /var/tmp/diff_new_pack.Djgo4e/_old 2022-02-17 23:42:13.079700074 +0100 +++ /var/tmp/diff_new_pack.Djgo4e/_new 2022-02-17 23:42:13.087700074 +0100 @@ -29,6 +29,7 @@ Patch0: usbmuxd-add-socket-option.patch Patch1: usbmuxd-add-pid-option.patch Patch2: usbmuxd-run-dir.patch +Patch3: harden_usbmuxd.service.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: gcc-c++ ++++++ harden_usbmuxd.service.patch ++++++ Index: usbmuxd-1.1.1/systemd/usbmuxd.service.in =================================================================== --- usbmuxd-1.1.1.orig/systemd/usbmuxd.service.in +++ usbmuxd-1.1.1/systemd/usbmuxd.service.in @@ -3,5 +3,16 @@ Description=Socket daemon for the usbmux Documentation=man:usbmuxd(8) [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=@sbindir@/usbmuxd --user usbmux --systemd -S /run/usbmuxd -P /run/usbmuxd.pid PIDFile=/run/usbmuxd.pid
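
Review bot: In the usbmuxd.spec hunk, Patch3: harden_usbmuxd.service.patch is declared, but the visible context does not show where patches are applied in %prep. If the spec applies patches one by one rather than through %autosetup or %autopatch, Patch3 needs its own apply line, otherwise the hardened unit is never built into the package. Worth confirming against the full spec and, after the build, checking that the installed usbmuxd.service actually carries the new directives.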
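
Review bot: In the usbmuxd.service.in hunk, the added block is a generic set whose only rationale is a link, and nothing records how it was checked against this daemon. ExecStart places its socket and PID file under /run, which ProtectSystem=full leaves writable, so the visible paths look compatible. However, the daemon is launched with --user usbmux and no User= appears in the visible [Service] lines, so it presumably starts as root and drops privileges itself, and the block adds nothing such as NoNewPrivileges=, CapabilityBoundingSet= or RestrictAddressFamilies= to bound that initial phase. Suggest replacing the "added automatically" comment with a short note on what was tested (device attach, socket creation under /run) and which further directives were deliberately left out and why, so a later reviewer can tell an intentional omission from an unexamined one.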