commit spacenavd for openSUSE:Factory

Tue, 23 Nov 2021 13:13:22 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package spacenavd for openSUSE:Factory 
checked in at 2021-11-23 22:10:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/spacenavd (Old)
 and      /work/SRC/openSUSE:Factory/.spacenavd.new.1895 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "spacenavd"

Tue Nov 23 22:10:42 2021 rev:8 rq:933279 version:0.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/spacenavd/spacenavd.changes      2021-03-17 
20:19:56.135315934 +0100
+++ /work/SRC/openSUSE:Factory/.spacenavd.new.1895/spacenavd.changes    
2021-11-23 22:13:01.750390017 +0100
@@ -1,0 +2,8 @@
+Wed Nov 17 10:49:36 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_spacenavd.service.patch
+  Modified:
+  * spacenavd.service
+
+-------------------------------------------------------------------

New:
----
  harden_spacenavd.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ spacenavd.spec ++++++
--- /var/tmp/diff_new_pack.zOUHQk/_old  2021-11-23 22:13:02.234388416 +0100
+++ /var/tmp/diff_new_pack.zOUHQk/_new  2021-11-23 22:13:02.238388403 +0100
@@ -30,6 +30,7 @@
 Source3:        xinitrc-%{name}
 Source4:        %{name}.service
 Patch1:         %{name}-fix-pidfile.patch
+Patch2:         harden_spacenavd.service.patch
 BuildRequires:  pkgconfig
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  pkgconfig(x11)
@@ -64,6 +65,7 @@
 %prep
 %setup -q
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure

++++++ harden_spacenavd.service.patch ++++++
Index: spacenavd-0.8/contrib/systemd/spacenavd.service
===================================================================
--- spacenavd-0.8.orig/contrib/systemd/spacenavd.service
+++ spacenavd-0.8/contrib/systemd/spacenavd.service
@@ -3,6 +3,17 @@ Description=3Dconnexion Input Devices Us
 After=syslog.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=forking
 PIDFile=/run/spnavd.pid
 ExecStart=/usr/local/bin/spacenavd

++++++ spacenavd.service ++++++
--- /var/tmp/diff_new_pack.zOUHQk/_old  2021-11-23 22:13:02.278388270 +0100
+++ /var/tmp/diff_new_pack.zOUHQk/_new  2021-11-23 22:13:02.278388270 +0100
@@ -2,6 +2,17 @@
 Description=Userspace Daemon of the spacenav driver.
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=forking
 PIDFile=/run/spnavd.pid
 ExecStart=/usr/sbin/spacenavd

Reply via email to