Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package atop for openSUSE:Factory checked in 
at 2021-08-23 10:08:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/atop (Old)
 and      /work/SRC/openSUSE:Factory/.atop.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "atop"

Mon Aug 23 10:08:19 2021 rev:7 rq:913494 version:2.6.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/atop/atop.changes        2021-06-01 
10:41:10.261191952 +0200
+++ /work/SRC/openSUSE:Factory/.atop.new.1899/atop.changes      2021-08-23 
10:09:33.972148696 +0200
@@ -1,0 +2,9 @@
+Wed Aug 11 08:40:14 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s). Added patch(es):
+  * harden_atop-rotate.service.patch
+  *harden_atop.service.patch
+  *harden_atopacct.service.patch
+  *harden_atopgpu.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_atop-rotate.service.patch
  harden_atop.service.patch
  harden_atopacct.service.patch
  harden_atopgpu.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ atop.spec ++++++
--- /var/tmp/diff_new_pack.JGkkfu/_old  2021-08-23 10:09:34.576147992 +0200
+++ /var/tmp/diff_new_pack.JGkkfu/_new  2021-08-23 10:09:34.576147992 +0200
@@ -29,6 +29,10 @@
 Source2:        atop.default
 Source99:       atop-rpmlintrc
 Patch0:         atop-makefile.patch
+Patch1:         harden_atop-rotate.service.patch
+Patch2:         harden_atop.service.patch
+Patch3:         harden_atopacct.service.patch
+Patch4:         harden_atopgpu.service.patch
 BuildRequires:  gcc
 BuildRequires:  glibc-devel
 BuildRequires:  make

++++++ harden_atop-rotate.service.patch ++++++
Index: atop-2.6.0/atop-rotate.service
===================================================================
--- atop-2.6.0.orig/atop-rotate.service
+++ atop-2.6.0/atop-rotate.service
@@ -2,5 +2,18 @@
 Description=Restart atop daemon to rotate logs
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=oneshot
 ExecStart=/usr/bin/systemctl try-restart atop.service
++++++ harden_atop.service.patch ++++++
Index: atop-2.6.0/atop.service
===================================================================
--- atop-2.6.0.orig/atop.service
+++ atop-2.6.0/atop.service
@@ -3,6 +3,19 @@ Description=Atop advanced performance mo
 Documentation=man:atop(1)
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Environment=LOGOPTS=""
 Environment=LOGINTERVAL=600
 Environment=LOGGENERATIONS=28
++++++ harden_atopacct.service.patch ++++++
Index: atop-2.6.0/atopacct.service
===================================================================
--- atop-2.6.0.orig/atopacct.service
+++ atop-2.6.0/atopacct.service
@@ -6,6 +6,19 @@ After=syslog.target
 Before=atop.service
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=forking
 PIDFile=/var/run/atopacctd.pid
 ExecStart=/usr/sbin/atopacctd
++++++ harden_atopgpu.service.patch ++++++
Index: atop-2.6.0/atopgpu.service
===================================================================
--- atop-2.6.0.orig/atopgpu.service
+++ atop-2.6.0/atopgpu.service
@@ -5,6 +5,19 @@ After=syslog.target
 Before=atop.service
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 ExecStart=/usr/sbin/atopgpud
 Type=oneshot
 RemainAfterExit=yes

Reply via email to