commit powerman for openSUSE:Factory

Thu, 11 Nov 2021 12:40:21 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package powerman for openSUSE:Factory 
checked in at 2021-11-11 21:38:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/powerman (Old)
 and      /work/SRC/openSUSE:Factory/.powerman.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "powerman"

Thu Nov 11 21:38:05 2021 rev:27 rq:930777 version:2.3.26

Changes:
--------
--- /work/SRC/openSUSE:Factory/powerman/powerman.changes        2021-06-11 
22:31:20.910200333 +0200
+++ /work/SRC/openSUSE:Factory/.powerman.new.1890/powerman.changes      
2021-11-11 21:39:14.261011864 +0100
@@ -1,0 +2,6 @@
+Tue Oct 19 13:06:07 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_powerman.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_powerman.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ powerman.spec ++++++
--- /var/tmp/diff_new_pack.gqYJnD/_old  2021-11-11 21:39:14.613012121 +0100
+++ /var/tmp/diff_new_pack.gqYJnD/_new  2021-11-11 21:39:14.613012121 +0100
@@ -39,6 +39,7 @@
 Source0:        
https://github.com/chaos/%{name}/releases/download/%{version}/%{name}-%{version}.tar.gz
 Patch1:         service-dynamic-user-autofiles.patch
 Patch2:         service-dynamic-user-configure.patch
+Patch3:         harden_powerman.service.patch
 BuildRequires:  automake
 BuildRequires:  fdupes
 BuildRequires:  ncurses-devel
@@ -80,6 +81,7 @@
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %build
 %configure \

++++++ harden_powerman.service.patch ++++++
Index: powerman-2.3.26/scripts/powerman.service.in
===================================================================
--- powerman-2.3.26.orig/scripts/powerman.service.in
+++ powerman-2.3.26/scripts/powerman.service.in
@@ -5,6 +5,17 @@ After=syslog.target network.target
 [Service]
 Type=forking
 PrivateTmp=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 User=@RUN_AS_USER@
 Group=@RUN_AS_GROUP@
 ExecStart=/usr/sbin/powermand

Reply via email to