Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package osmo-iuh for openSUSE:Factory checked in at 2021-10-15 23:04:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/osmo-iuh (Old) and /work/SRC/openSUSE:Factory/.osmo-iuh.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "osmo-iuh" Fri Oct 15 23:04:00 2021 rev:11 rq:925283 version:0.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/osmo-iuh/osmo-iuh.changes 2021-03-15 10:56:15.161342306 +0100 +++ /work/SRC/openSUSE:Factory/.osmo-iuh.new.1890/osmo-iuh.changes 2021-10-15 23:04:26.266117747 +0200 @@ -1,0 +2,6 @@ +Wed Oct 13 13:53:31 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_osmo-hnbgw.service.patch + +------------------------------------------------------------------- New: ---- harden_osmo-hnbgw.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ osmo-iuh.spec ++++++ --- /var/tmp/diff_new_pack.TWRwZ5/_old 2021-10-15 23:04:26.770118106 +0200 +++ /var/tmp/diff_new_pack.TWRwZ5/_new 2021-10-15 23:04:26.774118108 +0200 @@ -26,6 +26,7 @@ URL: https://osmocom.org/projects/osmohnbgw/wiki Source: https://github.com/osmocom/osmo-iuh/archive/%version.tar.gz +Patch0: harden_osmo-hnbgw.service.patch BuildRequires: automake >= 1.9 BuildRequires: libtool >= 2 BuildRequires: lksctp-tools-devel ++++++ harden_osmo-hnbgw.service.patch ++++++ Index: osmo-iuh-0.7.0/contrib/systemd/osmo-hnbgw.service =================================================================== --- osmo-iuh-0.7.0.orig/contrib/systemd/osmo-hnbgw.service +++ osmo-iuh-0.7.0/contrib/systemd/osmo-hnbgw.service @@ -2,6 +2,17 @@ Description=Osmocom Home Nodeb Gateway (OsmoHNBGW) [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple Restart=always ExecStart=/usr/bin/osmo-hnbgw -c /etc/osmocom/osmo-hnbgw.cfg
