[dptfxtract/f31] Fix error allowing access to / by dptfxtract

commit e4f3e396c551b6265fd0668bcb050d62872369d6 Author: Benjamin Berg <bberg(a)redhat.com&gt; Date: Tue Feb 11 11:30:45 2020 +0100 Fix error allowing access to / by dptfxtract Work aound dtpfxtract trying to write to the current working directory dptfxtract.service | 3 ++- dptfxtract.spec | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) --- diff --git a/dptfxtract.service b/dptfxtract.service index 766d554..2bf6af1 100644 --- a/dptfxtract.service +++ b/dptfxtract.service @@ -12,6 +12,7 @@ ConditionPathExists=!/etc/thermald/thermal-conf.xml.auto [Service] Type=oneshot ExecStart=/usr/libexec/dptfxtract -o /var/run/thermald/ +WorkingDirectory=/tmp Restart=no NoNewPrivileges=yes @@ -20,7 +21,7 @@ LimitDATA=50M LimitNPROC=1 ProtectHome=yes -ProtectSystem=full +ProtectSystem=strict ReadWritePaths=/var/run/thermald/ PrivateTmp=yes PrivateDevices=yes diff --git a/dptfxtract.spec b/dptfxtract.spec index 02bd4af..4b157af 100644 --- a/dptfxtract.spec +++ b/dptfxtract.spec @@ -1,6 +1,6 @@ Name: dptfxtract Version: 1.4.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Utility to generate a thermald configuration from DPTF License: Redistributable, no modification permitted @@ -60,6 +60,10 @@ ln -s ../dptfxtract.service %{buildroot}%{_unitdir}/thermald.service.wants/dptfx %changelog +* Tue Feb 11 2020 Benjamin Berg <bberg(a)redhat.com&gt; - 1.4.2-2 +- Fix error allowing access to / by dptfxtract +- Work aound dtpfxtract trying to write to the current working directory + * Tue Dec 03 2019 Benjamin Berg <bberg(a)redhat.com&gt; - 1.4.2-1 - New upstream release - Permit madvise syscall (#5451)