Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/usbguard.git#d41c0811d4efe7ca8a62a730ca90d60b2b2c3288
This commit is contained in:
DistroBaker
parent
87c3bf2528
commit
cc14e01ec6
1
.gitignore
vendored
1
.gitignore
vendored
@ -19,3 +19,4 @@
|
||||
/usbguard-selinux-0.0.3.tar.gz
|
||||
/usbguard-0.7.8.tar.gz
|
||||
/usbguard-selinux-0.0.4.tar.gz
|
||||
/usbguard-1.0.0.tar.gz
|
||||
|
||||
2
sources
2
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (usbguard-0.7.8.tar.gz) = 315c25ed7eb61cc0920047836dcca035cb07aecb6dfece9e4f6dc2ad61aaf6fdbf86898e43493958f3d12a146eb4c8f88b90bb246da0df83bb2097ce5b853e88
|
||||
SHA512 (usbguard-1.0.0.tar.gz) = 068a9be8bd5ea05efcdad79e2c4beb5e8b646b4703fbe1f8bb262e37ae9a6284a6eeb811a6bd441250a38bce1e45b7f44ad15726aa5963da2e1b56e85f5e16fd
|
||||
SHA512 (usbguard-selinux-0.0.4.tar.gz) = b73b14396e40f847704511097bfed17c94b9b28cc70f3391a6effab763a315fe723aba37bb4c622d18ab691306c485fcd7632ccc8a837413f32c73cd9879c8b0
|
||||
|
||||
@ -1,34 +0,0 @@
|
||||
diff -up ./usbguard.service.in.forking ./usbguard.service.in
|
||||
--- ./usbguard.service.in.forking 2020-06-17 20:07:04.720564149 +0200
|
||||
+++ ./usbguard.service.in 2020-06-17 20:10:00.744063846 +0200
|
||||
@@ -8,11 +8,12 @@ AmbientCapabilities=
|
||||
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER
|
||||
DeviceAllow=/dev/null rw
|
||||
DevicePolicy=strict
|
||||
-ExecStart=%sbindir%/usbguard-daemon -k -c %sysconfdir%/usbguard/usbguard-daemon.conf
|
||||
+ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf
|
||||
IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
NoNewPrivileges=yes
|
||||
+PIDFile=/var/run/usbguard.pid
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectControlGroups=yes
|
||||
@@ -20,14 +21,14 @@ ProtectHome=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectSystem=yes
|
||||
ReadOnlyPaths=-/
|
||||
-ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/
|
||||
+ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -/var/run
|
||||
Restart=on-failure
|
||||
RestrictAddressFamilies=AF_UNIX AF_NETLINK
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
SystemCallArchitectures=native
|
||||
SystemCallFilter=@system-service
|
||||
-Type=simple
|
||||
+Type=forking
|
||||
UMask=0077
|
||||
|
||||
[Install]
|
||||
@ -1,13 +0,0 @@
|
||||
diff -up ./usbguard.service.in.service-fips ./usbguard.service.in
|
||||
--- ./usbguard.service.in.service-fips 2020-06-22 10:44:44.815860376 +0200
|
||||
+++ ./usbguard.service.in 2020-06-22 10:45:07.699135514 +0200
|
||||
@@ -6,8 +6,7 @@ Documentation=man:usbguard-daemon(8)
|
||||
[Service]
|
||||
AmbientCapabilities=
|
||||
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER
|
||||
-DeviceAllow=/dev/null rw
|
||||
-DevicePolicy=strict
|
||||
+DevicePolicy=closed
|
||||
ExecStart=%sbindir%/usbguard-daemon -f -s -c %sysconfdir%/usbguard/usbguard-daemon.conf
|
||||
IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
@ -3,8 +3,8 @@
|
||||
%define semodule_version 0.0.4
|
||||
|
||||
Name: usbguard
|
||||
Version: 0.7.8
|
||||
Release: 5%{?dist}
|
||||
Version: 1.0.0
|
||||
Release: 1%{?dist}
|
||||
Summary: A tool for implementing USB device usage policy
|
||||
License: GPLv2+
|
||||
## Not installed
|
||||
@ -23,6 +23,7 @@ Requires(postun): /sbin/ldconfig
|
||||
Recommends: %{name}-selinux
|
||||
Obsoletes: %{name}-applet-qt < 0.7.6
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libqb-devel
|
||||
@ -38,9 +39,6 @@ BuildRequires: audit-libs-devel
|
||||
# For `pkg-config systemd` only
|
||||
BuildRequires: systemd
|
||||
|
||||
Patch1: usbguard-forking-style.patch
|
||||
Patch2: usbguard-service-fips.patch
|
||||
|
||||
%description
|
||||
The USBGuard software framework helps to protect your computer against rogue USB
|
||||
devices by implementing basic whitelisting/blacklisting capabilities based on
|
||||
@ -102,9 +100,6 @@ daemon.
|
||||
# selinux
|
||||
%setup -q -D -T -a 1
|
||||
|
||||
%patch1 -p1 -b .service1
|
||||
%patch2 -p1 -b .service2
|
||||
|
||||
# Remove bundled library sources before build
|
||||
rm -rf src/ThirdParty/{Catch,PEGTL}
|
||||
|
||||
@ -227,6 +222,17 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Jan 14 2021 Zoltan Fridrich <zfridric@redhat.com> - 1.0.0-1
|
||||
- rebase usbguard to 1.0.0
|
||||
- added support for rules covering combination of classes
|
||||
- fix usbguard being killed
|
||||
Resolves: rhbz#1916039
|
||||
Resolves: rhbz#1861330
|
||||
Resolves: rhbz#1905257
|
||||
|
||||
* Wed Jan 13 14:43:57 CET 2021 Adrian Reber <adrian@lisas.de> - 0.7.8-6
|
||||
- Rebuilt for protobuf 3.14
|
||||
|
||||
* Thu Sep 24 2020 Adrian Reber <adrian@lisas.de> - 0.7.8-5
|
||||
- Rebuilt for protobuf 3.13
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user