Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ntp for openSUSE:Factory checked in at 2021-10-12 21:49:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ntp (Old) and /work/SRC/openSUSE:Factory/.ntp.new.2443 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ntp" Tue Oct 12 21:49:57 2021 rev:131 rq:924903 version:4.2.8p15 Changes: -------- --- /work/SRC/openSUSE:Factory/ntp/ntp.changes 2021-06-16 20:36:31.155292022 +0200 +++ /work/SRC/openSUSE:Factory/.ntp.new.2443/ntp.changes 2021-10-12 21:51:25.716049973 +0200 @@ -1,0 +2,7 @@ +Tue Oct 12 06:09:33 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * conf.ntp-wait.service + * conf.ntpd.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ conf.ntp-wait.service ++++++ --- /var/tmp/diff_new_pack.11SoSg/_old 2021-10-12 21:51:26.660051324 +0200 +++ /var/tmp/diff_new_pack.11SoSg/_new 2021-10-12 21:51:26.660051324 +0200 @@ -9,6 +9,16 @@ ConditionCapability=CAP_SYS_TIME [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +# end of automatic additions Type=oneshot ExecStart=/usr/sbin/ntp-wait -s 1 -n 30000 RemainAfterExit=yes ++++++ conf.ntpd.service ++++++ --- /var/tmp/diff_new_pack.11SoSg/_old 2021-10-12 21:51:26.700051381 +0200 +++ /var/tmp/diff_new_pack.11SoSg/_new 2021-10-12 21:51:26.704051387 +0200 @@ -17,6 +17,16 @@ RestartSec=11min Restart=always PrivateTmp=true +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +# end of automatic additions [Install] WantedBy=multi-user.target