Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package laptop-mode-tools for
openSUSE:Factory checked in at 2021-10-12 21:49:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/laptop-mode-tools (Old)
and /work/SRC/openSUSE:Factory/.laptop-mode-tools.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "laptop-mode-tools"
Tue Oct 12 21:49:51 2021 rev:45 rq:924873 version:1.74
Changes:
--------
--- /work/SRC/openSUSE:Factory/laptop-mode-tools/laptop-mode-tools.changes
2021-05-23 00:06:10.266611817 +0200
+++
/work/SRC/openSUSE:Factory/.laptop-mode-tools.new.2443/laptop-mode-tools.changes
2021-10-12 21:51:14.496033911 +0200
@@ -1,0 +2,7 @@
+Thu Sep 30 08:44:14 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+ * harden_laptop-mode.service.patch
+ * harden_lmt-poll.service.patch
+
+-------------------------------------------------------------------
New:
----
harden_laptop-mode.service.patch
harden_lmt-poll.service.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ laptop-mode-tools.spec ++++++
--- /var/tmp/diff_new_pack.a5r6YN/_old 2021-10-12 21:51:15.076034741 +0200
+++ /var/tmp/diff_new_pack.a5r6YN/_new 2021-10-12 21:51:15.076034741 +0200
@@ -31,6 +31,8 @@
Patch0: laptop-mode-1.53_conf.diff
Patch1: laptop-mode-1.49-new-dirty-ratio-defaults.diff
Patch2: laptop-mode-1.53-moblin-enable-intel-hda-powersave.patch
+Patch3: harden_laptop-mode.service.patch
+Patch4: harden_lmt-poll.service.patch
BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(udev)
++++++ harden_laptop-mode.service.patch ++++++
Index: laptop-mode-tools_1.74/etc/systemd/laptop-mode.service
===================================================================
--- laptop-mode-tools_1.74.orig/etc/systemd/laptop-mode.service
+++ laptop-mode-tools_1.74/etc/systemd/laptop-mode.service
@@ -4,6 +4,17 @@ Documentation=man:laptop_mode(8) man:lap
Documentation=http://github.com/rickysarraf/laptop-mode-tools
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=oneshot
RemainAfterExit=yes
ExecStartPre=/bin/rm -f /var/run/laptop-mode-tools/enabled
++++++ harden_lmt-poll.service.patch ++++++
Index: laptop-mode-tools_1.74/etc/systemd/lmt-poll.service
===================================================================
--- laptop-mode-tools_1.74.orig/etc/systemd/lmt-poll.service
+++ laptop-mode-tools_1.74/etc/systemd/lmt-poll.service
@@ -4,6 +4,17 @@ Documentation=man:laptop_mode(8) man:lap
Documentation=http://github.com/rickysarraf/laptop-mode-tools
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=oneshot
RemainAfterExit=no
Environment=CONTROL_BATTERY_LEVEL_POLLING=1
