Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package dante for openSUSE:Factory checked in at 2021-09-01 21:37:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dante (Old) and /work/SRC/openSUSE:Factory/.dante.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dante" Wed Sep 1 21:37:24 2021 rev:34 rq:915510 version:1.4.3 Changes: -------- --- /work/SRC/openSUSE:Factory/dante/dante.changes 2021-05-17 18:45:54.920470708 +0200 +++ /work/SRC/openSUSE:Factory/.dante.new.1899/dante.changes 2021-09-01 21:37:53.540928253 +0200 @@ -1,0 +2,6 @@ +Tue Aug 31 14:00:22 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s). Modified: + * sockd.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sockd.service ++++++ --- /var/tmp/diff_new_pack.1WUpJn/_old 2021-09-01 21:37:54.260929120 +0200 +++ /var/tmp/diff_new_pack.1WUpJn/_new 2021-09-01 21:37:54.260929120 +0200 @@ -3,6 +3,19 @@ After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking #EnvironmentFile=/etc/sockd.conf PIDFile=/run/sockd.pid
