Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package llmnrd for openSUSE:Factory checked in at 2021-10-05 22:34:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/llmnrd (Old) and /work/SRC/openSUSE:Factory/.llmnrd.new.2443 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "llmnrd" Tue Oct 5 22:34:02 2021 rev:7 rq:923304 version:0.7 Changes: -------- --- /work/SRC/openSUSE:Factory/llmnrd/llmnrd.changes 2020-09-21 17:43:15.148903373 +0200 +++ /work/SRC/openSUSE:Factory/.llmnrd.new.2443/llmnrd.changes 2021-10-05 22:34:33.482942996 +0200 @@ -1,0 +2,8 @@ +Tue Oct 5 14:15:04 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_llmnrd.service.patch + Modified: + * llmnrd.service + +------------------------------------------------------------------- New: ---- harden_llmnrd.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ llmnrd.spec ++++++ --- /var/tmp/diff_new_pack.8ahspL/_old 2021-10-05 22:34:33.898943720 +0200 +++ /var/tmp/diff_new_pack.8ahspL/_new 2021-10-05 22:34:33.898943720 +0200 @@ -32,6 +32,7 @@ Source1: llmnrd.service Source2: llmnrd.sysconfig Source3: usr.sbin.llmnrd +Patch0: harden_llmnrd.service.patch BuildRequires: apparmor-profiles BuildRequires: gcc BuildRequires: git-core @@ -46,6 +47,7 @@ %prep %setup -q +%patch0 -p1 %build export GIT_VERSION="" ++++++ harden_llmnrd.service.patch ++++++ Index: llmnrd-0.7/etc/llmnrd.service =================================================================== --- llmnrd-0.7.orig/etc/llmnrd.service +++ llmnrd-0.7/etc/llmnrd.service @@ -3,6 +3,18 @@ Description=Link-Local Multicast Name Re After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple ExecStart=/usr/sbin/llmnrd Restart=on-failure ++++++ llmnrd.service ++++++ --- /var/tmp/diff_new_pack.8ahspL/_old 2021-10-05 22:34:33.942943796 +0200 +++ /var/tmp/diff_new_pack.8ahspL/_new 2021-10-05 22:34:33.942943796 +0200 @@ -3,6 +3,18 @@ After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple EnvironmentFile=/etc/sysconfig/llmnrd ExecStart=/usr/sbin/llmnrd $LLMNRD_OPTIONS
