Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package fwknop for openSUSE:Factory checked in at 2021-09-16 23:15:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/fwknop (Old) and /work/SRC/openSUSE:Factory/.fwknop.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fwknop" Thu Sep 16 23:15:03 2021 rev:3 rq:919553 version:2.6.10 Changes: -------- --- /work/SRC/openSUSE:Factory/fwknop/fwknop.changes 2020-06-24 15:48:18.176258299 +0200 +++ /work/SRC/openSUSE:Factory/.fwknop.new.1899/fwknop.changes 2021-09-16 23:17:53.379998184 +0200 @@ -1,0 +2,6 @@ +Thu Sep 16 07:15:08 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * fwknopd.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fwknopd.service ++++++ --- /var/tmp/diff_new_pack.4sAtQk/_old 2021-09-16 23:17:53.867998689 +0200 +++ /var/tmp/diff_new_pack.4sAtQk/_new 2021-09-16 23:17:53.871998694 +0200 @@ -3,6 +3,18 @@ After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking PIDFile=/var/run/fwknopd.pid ExecStart=/usr/sbin/fwknopd
