From 29e9f4a4afb3a3bfb7dbb2b1e9e63034b684778c Mon Sep 17 00:00:00 2001
From: dimstar_suse <>
Date: Mar 28 2022 11:48:34 +0000
Subject: Update accountsservice to version 22.04.62 / rev 78


https://build.opensuse.org/package/rdiff/openSUSE:Factory/accountsservice?linkrev=base&rev=78
by user dimstar_suse
- Add accountsservice-too-restrictive.patch: weaken upstreams
  policy of accounts-daemon.service to be similar, but still
  stricter, to what we had with harden-accounts-daemon.service.patch.
  Attempt to workaround
  https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102

---

diff --git a/.files b/.files
index 29c2f9d..13c205e 100644
Binary files a/.files and b/.files differ
diff --git a/.rev b/.rev
index 98003fc..53357e9 100644
--- a/.rev
+++ b/.rev
@@ -1092,4 +1092,15 @@ By now, it's required for sle-15, so synchronized the updated specfile and chang
     <comment>- Drop harden_accounts-daemon.service.patch: Seems to conflict with
   SELinux since version 22.04.62.</comment>
   </revision>
+  <revision rev="78" vrev="3">
+    <srcmd5>a15707b5cbeb82707e56607b06ff15e6</srcmd5>
+    <version>22.04.62</version>
+    <time>1648467808</time>
+    <user>dimstar_suse</user>
+    <comment>- Add accountsservice-too-restrictive.patch: weaken upstreams
+  policy of accounts-daemon.service to be similar, but still
+  stricter, to what we had with harden-accounts-daemon.service.patch.
+  Attempt to workaround
+  https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102</comment>
+  </revision>
 </revisionlist>
diff --git a/.servicemark b/.servicemark
index 5ab3b0f..ef9b741 100644
--- a/.servicemark
+++ b/.servicemark
@@ -1 +1 @@
-652f0579944f098ac2f2e8f4832d356e
+cee88a4d8b6449aa72798b090c5064f4
diff --git a/accountsservice-too-restrictive.patch b/accountsservice-too-restrictive.patch
new file mode 100644
index 0000000..62fd04e
--- /dev/null
+++ b/accountsservice-too-restrictive.patch
@@ -0,0 +1,22 @@
+Index: accountsservice-22.04.62/data/accounts-daemon.service.in
+===================================================================
+--- accountsservice-22.04.62.orig/data/accounts-daemon.service.in
++++ accountsservice-22.04.62/data/accounts-daemon.service.in
+@@ -18,7 +18,7 @@ Environment=GVFS_REMOTE_VOLUME_MONITOR_I
+ StateDirectory=AccountsService
+ StateDirectoryMode=0775
+ 
+-ProtectSystem=strict
++ProtectSystem=false
+ PrivateDevices=true
+ ProtectKernelTunables=true
+ ProtectKernelModules=true
+@@ -33,7 +33,7 @@ PrivateUsers=false
+ RestrictAddressFamilies=AF_UNIX
+ SystemCallArchitectures=native
+ SystemCallFilter=~@mount
+-RestrictNamespaces=true
++RestrictNamespaces=false
+ LockPersonality=true
+ MemoryDenyWriteExecute=true
+ RestrictRealtime=true
diff --git a/accountsservice.changes b/accountsservice.changes
index 2a1d687..2a592fc 100644
--- a/accountsservice.changes
+++ b/accountsservice.changes
@@ -1,4 +1,13 @@
 -------------------------------------------------------------------
+Mon Mar 28 11:34:44 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Add accountsservice-too-restrictive.patch: weaken upstreams
+  policy of accounts-daemon.service to be similar, but still
+  stricter, to what we had with harden-accounts-daemon.service.patch.
+  Attempt to workaround
+  https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102
+
+-------------------------------------------------------------------
 Mon Mar 28 07:32:37 UTC 2022 - Dominique Leuenberger <dleuenberger@suse.com>
 
 - Drop harden_accounts-daemon.service.patch: Seems to conflict with
diff --git a/accountsservice.spec b/accountsservice.spec
index 397523f..e8194b2 100644
--- a/accountsservice.spec
+++ b/accountsservice.spec
@@ -28,6 +28,8 @@ Source0:        https://www.freedesktop.org/software/accountsservice/%{name}-%{v
 # WARNING: do not remove/significantly change patch0 without updating the relevant patch in gdm too
 # PATCH-FIX-OPENSUSE accountsservice-sysconfig.patch bnc#688071 vuntz@opensuse.org -- Read/write autologin configuration from sysconfig, like gdm (see gdm-sysconfig-settings.patch)
 Patch1:         accountsservice-sysconfig.patch
+# PATCH-FIX-UPSTREAM accountsservice-too-restrictive.patch https://gitlab.freedesktop.org/accountsservice/accountsservice/-/issues/102 -- Allow NAMESPACE switching until upstream finds the right flag
+Patch2:         accountsservice-too-restrictive.patch
 
 ## SLE and Leap only patches start at 1000
 # PATCH-FEATURE-SLE as-fate318433-prevent-same-account-multi-logins.patch fate#318433 cxiong@suse.com -- prevent multiple simultaneous login.
@@ -95,6 +97,7 @@ querying and manipulating user account information.
 %prep
 %setup -q
 %patch1 -p1
+%patch2 -p1
 
 # SLE and Leap patches start at 1000
 %if 0%{?sle_version}