Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package munin for openSUSE:Factory checked in at 2021-10-31 22:55:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/munin (Old)
 and /work/SRC/openSUSE:Factory/.munin.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "munin" Sun Oct 31 22:55:34 2021 rev:25 rq:928142 version:2.0.66 Changes: -------- --- /work/SRC/openSUSE:Factory/munin/munin.changes 2021-03-10 08:49:51.890431282 +0100 +++ /work/SRC/openSUSE:Factory/.munin.new.1890/munin.changes 2021-10-31 22:56:15.247726464 +0100 @@ -1,0 +2,9 @@ +Thu Oct 7 10:26:31 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * munin-cgi-graph.service + * munin-cgi-html.service + * munin-cron.service + * munin-node.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ munin-cgi-graph.service ++++++ --- /var/tmp/diff_new_pack.ujqbgC/_old 2021-10-31 22:56:15.755726854 +0100 +++ /var/tmp/diff_new_pack.ujqbgC/_new 2021-10-31 22:56:15.755726854 +0100 @@ -3,6 +3,19 @@ Requires=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking ExecStart=/usr/bin/spawn-fcgi -s /var/run/munin/munin-cgi-graph.sock -P /var/run/munin/munin-cgi-graph.pid -u munin -g munin -M 0770 -U munin -G www /srv/www/cgi-bin/munin-cgi-graph PIDFile=/var/run/munin/munin-cgi-graph.pid ++++++ munin-cgi-html.service ++++++ --- /var/tmp/diff_new_pack.ujqbgC/_old 2021-10-31 22:56:15.771726866 +0100 +++ /var/tmp/diff_new_pack.ujqbgC/_new 2021-10-31 22:56:15.775726870 +0100 
@@ -3,6 +3,19 @@ Requires=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking ExecStart=/usr/bin/spawn-fcgi -s /var/run/munin/munin-cgi-html.sock -P /var/run/munin/munin-cgi-html.pid -u munin -g munin -M 0770 -U munin -G www /srv/www/cgi-bin/munin-cgi-html PIDFile=/var/run/munin/munin-cgi-html.pid ++++++ munin-cron.service ++++++ --- /var/tmp/diff_new_pack.ujqbgC/_old 2021-10-31 22:56:15.787726879 +0100 +++ /var/tmp/diff_new_pack.ujqbgC/_new 2021-10-31 22:56:15.791726882 +0100 @@ -3,6 +3,19 @@ Documentation=man:munin-cron(8) [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot User=munin ExecStart=/usr/bin/munin-cron ++++++ munin-node.service ++++++ --- /var/tmp/diff_new_pack.ujqbgC/_old 2021-10-31 22:56:15.831726913 +0100 +++ /var/tmp/diff_new_pack.ujqbgC/_new 2021-10-31 22:56:15.831726913 +0100 
@@ -3,6 +3,19 @@ Requires=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking ExecStart=/usr/sbin/munin-node ExecStartPre=/usr/bin/mkdir -p /var/run/munin/
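
Review bot: ProtectSystem=full in munin-cgi-graph.service (and the identical block in munin-cgi-html.service) is looser than these units appear to need. It makes only /usr, /boot, /efi and /etc read-only, while the only write locations visible in ExecStart are the socket and PID file under /var/run/munin. Once the remaining data and log directories of the CGI are enumerated, ProtectSystem=strict with an explicit ReadWritePaths= list would confine the FastCGI workers to just those directories. The -u munin -g munin arguments indicate spawn-fcgi is started as root and drops privileges itself, so the unit-level sandbox is what bounds the process before that drop.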
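
Review bot: PrivateDevices=true in munin-node.service needs checking against the plugins this node is expected to run. The setting gives the unit a private /dev that contains only pseudo-devices such as /dev/null and /dev/random, so any plugin started by /usr/sbin/munin-node that opens a block device or another hardware node will fail after this change. ProtectHome=true has a comparable effect on anything a plugin measures under /home, which becomes inaccessible and appears empty. The block is marked "added automatically" and is byte-for-byte the same as in the three other units, so I would confirm both directives against the shipped plugin set, or relax them for this unit only and say so in munin.changes.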