Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package git for openSUSE:Factory checked in at 2021-10-11 15:30:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/git (Old) and /work/SRC/openSUSE:Factory/.git.new.2443 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "git" Mon Oct 11 15:30:25 2021 rev:267 rq:923514 version:2.33.0 Changes: -------- --- /work/SRC/openSUSE:Factory/git/git.changes 2021-08-25 20:56:24.977302342 +0200 +++ /work/SRC/openSUSE:Factory/.git.new.2443/git.changes 2021-10-11 15:30:37.866750108 +0200 @@ -1,0 +2,6 @@ +Mon Sep 20 08:33:11 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * git-daemon.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ git-daemon.service ++++++ --- /var/tmp/diff_new_pack.VWJ6zo/_old 2021-10-11 15:30:38.634751339 +0200 +++ /var/tmp/diff_new_pack.VWJ6zo/_new 2021-10-11 15:30:38.634751339 +0200 @@ -2,6 +2,18 @@ Description=Start Git Daemon [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions EnvironmentFile=-/etc/sysconfig/git-daemon ExecStart=/bin/bash -c 'exec git daemon --reuseaddr --base-path=$${GIT_DAEMON_BASE_PATH:-/srv/git/} --user=$${GIT_DAEMON_USER:-git-daemon} --group=$${GIT_DAEMON_GROUP:-nogroup} $GIT_DAEMON_ARGS'
