Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package iodine for openSUSE:Factory checked in at 2021-10-04 18:39:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/iodine (Old) and /work/SRC/openSUSE:Factory/.iodine.new.2443 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "iodine" Mon Oct 4 18:39:07 2021 rev:10 rq:922368 version:0.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/iodine/iodine.changes 2021-07-01 07:05:29.315545442 +0200 +++ /work/SRC/openSUSE:Factory/.iodine.new.2443/iodine.changes 2021-10-04 18:39:33.730018265 +0200 @@ -1,0 +2,7 @@ +Wed Sep 22 14:45:53 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * iodine.service + * iodined.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ iodine.service ++++++ --- /var/tmp/diff_new_pack.RE9Vxh/_old 2021-10-04 18:39:34.346019265 +0200 +++ /var/tmp/diff_new_pack.RE9Vxh/_new 2021-10-04 18:39:34.346019265 +0200 @@ -8,6 +8,19 @@ After=network.target syslog.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple EnvironmentFile=-/etc/sysconfig/iodine Environment=TERM=linux ++++++ iodined.service ++++++ --- /var/tmp/diff_new_pack.RE9Vxh/_old 2021-10-04 18:39:34.366019298 +0200 +++ /var/tmp/diff_new_pack.RE9Vxh/_new 2021-10-04 18:39:34.370019304 +0200 @@ -8,6 +8,19 @@ After=network.target syslog.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple EnvironmentFile=-/etc/sysconfig/iodined Environment=TERM=linux
