commit accountsservice for openSUSE:Factory

Mon, 28 Mar 2022 04:43:45 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package accountsservice for openSUSE:Factory 
checked in at 2022-03-28 13:43:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/accountsservice (Old)
 and      /work/SRC/openSUSE:Factory/.accountsservice.new.1900 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "accountsservice"

Mon Mar 28 13:43:28 2022 rev:78 rq: version:22.04.62

Changes:
--------
--- /work/SRC/openSUSE:Factory/accountsservice/accountsservice.changes  
2022-03-28 09:33:04.403014360 +0200
+++ 
/work/SRC/openSUSE:Factory/.accountsservice.new.1900/accountsservice.changes    
    2022-03-28 13:43:29.558541001 +0200
@@ -1,0 +2,9 @@
+Mon Mar 28 11:34:44 UTC 2022 - Dominique Leuenberger <dims...@opensuse.org>
+
+- Add accountsservice-too-restrictive.patch: weaken upstreams
+  policy of accounts-daemon.service to be similar, but still
+  stricter, to what we had with harden-accounts-daemon.service.patch.
+  Attempt to workaround
+  https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102
+
+-------------------------------------------------------------------

New:
----
  accountsservice-too-restrictive.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ accountsservice.spec ++++++
--- /var/tmp/diff_new_pack.a3KIlL/_old  2022-03-28 13:43:30.042541624 +0200
+++ /var/tmp/diff_new_pack.a3KIlL/_new  2022-03-28 13:43:30.050541635 +0200
@@ -28,6 +28,8 @@
 # WARNING: do not remove/significantly change patch0 without updating the 
relevant patch in gdm too
 # PATCH-FIX-OPENSUSE accountsservice-sysconfig.patch bnc#688071 
vu...@opensuse.org -- Read/write autologin configuration from sysconfig, like 
gdm (see gdm-sysconfig-settings.patch)
 Patch1:         accountsservice-sysconfig.patch
+# PATCH-FIX-UPSTREAM accountsservice-too-restrictive.patch 
https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102 -- 
Allow NAMESPACE switching until upstream finds the right flag
+Patch2:         accountsservice-too-restrictive.patch
 
 ## SLE and Leap only patches start at 1000
 # PATCH-FEATURE-SLE as-fate318433-prevent-same-account-multi-logins.patch 
fate#318433 cxi...@suse.com -- prevent multiple simultaneous login.
@@ -95,6 +97,7 @@
 %prep
 %setup -q
 %patch1 -p1
+%patch2 -p1
 
 # SLE and Leap patches start at 1000
 %if 0%{?sle_version}

++++++ accountsservice-too-restrictive.patch ++++++
Index: accountsservice-22.04.62/data/accounts-daemon.service.in
===================================================================
--- accountsservice-22.04.62.orig/data/accounts-daemon.service.in
+++ accountsservice-22.04.62/data/accounts-daemon.service.in
@@ -18,7 +18,7 @@ Environment=GVFS_REMOTE_VOLUME_MONITOR_I
 StateDirectory=AccountsService
 StateDirectoryMode=0775
 
-ProtectSystem=strict
+ProtectSystem=false
 PrivateDevices=true
 ProtectKernelTunables=true
 ProtectKernelModules=true
@@ -33,7 +33,7 @@ PrivateUsers=false
 RestrictAddressFamilies=AF_UNIX
 SystemCallArchitectures=native
 SystemCallFilter=~@mount
-RestrictNamespaces=true
+RestrictNamespaces=false
 LockPersonality=true
 MemoryDenyWriteExecute=true
 RestrictRealtime=true

Reply via email to