Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package shadowsocks-libev for
openSUSE:Factory checked in at 2021-11-22 23:04:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shadowsocks-libev (Old)
and /work/SRC/openSUSE:Factory/.shadowsocks-libev.new.1895 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shadowsocks-libev"
Mon Nov 22 23:04:17 2021 rev:18 rq:932980 version:3.3.5
Changes:
--------
--- /work/SRC/openSUSE:Factory/shadowsocks-libev/shadowsocks-libev.changes
2020-09-21 17:44:52.636995239 +0200
+++
/work/SRC/openSUSE:Factory/.shadowsocks-libev.new.1895/shadowsocks-libev.changes
2021-11-22 23:05:02.533759255 +0100
@@ -1,0 +2,16 @@
+Tue Nov 16 16:05:33 UTC 2021 - Johannes Segitz <[email protected]>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+ * shadowsocks-libev-client.service
+ * [email protected]
+ * shadowsocks-libev-manager.service
+ * shadowsocks-libev-nat.service
+ * [email protected]
+ * shadowsocks-libev-redir.service
+ * [email protected]
+ * shadowsocks-libev-server.service
+ * [email protected]
+ * shadowsocks-libev-tunnel.service
+ * [email protected]
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ shadowsocks-libev-client.service ++++++
--- /var/tmp/diff_new_pack.6IN25s/_old 2021-11-22 23:05:03.457756155 +0100
+++ /var/tmp/diff_new_pack.6IN25s/_new 2021-11-22 23:05:03.461756141 +0100
@@ -4,6 +4,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/var/run/shadowsocks-libev-client.pid
ExecStart=/usr/bin/ss-local -c /etc/shadowsocks/shadowsocks-libev-config.json
-f /var/run/shadowsocks-libev-client.pid -u --fast-open
++++++ [email protected] ++++++
--- /var/tmp/diff_new_pack.6IN25s/_old 2021-11-22 23:05:03.481756074 +0100
+++ /var/tmp/diff_new_pack.6IN25s/_new 2021-11-22 23:05:03.481756074 +0100
@@ -4,6 +4,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/var/run/shadowsocks-libev-client@%i.pid
ExecStart=/usr/bin/ss-local -c /etc/shadowsocks/%i.json -f
/var/run/shadowsocks-libev-client@%i.pid -u --fast-open
++++++ shadowsocks-libev-manager.service ++++++
--- /var/tmp/diff_new_pack.6IN25s/_old 2021-11-22 23:05:03.513755967 +0100
+++ /var/tmp/diff_new_pack.6IN25s/_new 2021-11-22 23:05:03.517755954 +0100
@@ -4,6 +4,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/var/run/shadowsocks-libev-manager.pid
ExecStart=/usr/bin/ss-manager -c
/etc/shadowsocks/shadowsocks-libev-config.json -f
/var/run/shadowsocks-libev-manager.pid -u --fast-open
++++++ shadowsocks-libev-nat.service ++++++
--- /var/tmp/diff_new_pack.6IN25s/_old 2021-11-22 23:05:03.541755873 +0100
+++ /var/tmp/diff_new_pack.6IN25s/_new 2021-11-22 23:05:03.541755873 +0100
@@ -4,6 +4,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/var/run/shadowsocks-libev-nat.pid
ExecStart=/usr/bin/ss-nat -c /etc/shadowsocks/shadowsocks-libev-config.json -f
/var/run/shadowsocks-libev-nat.pid -u --fast-open
++++++ [email protected] ++++++
--- /var/tmp/diff_new_pack.6IN25s/_old 2021-11-22 23:05:03.569755779 +0100
+++ /var/tmp/diff_new_pack.6IN25s/_new 2021-11-22 23:05:03.573755766 +0100
@@ -4,6 +4,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/var/run/shadowsocks-libev-nat@%i.pid
ExecStart=/usr/bin/ss-nat -c /etc/shadowsocks/%i.json -f
/var/run/shadowsocks-libev-nat@%i.pid -u --fast-open
++++++ shadowsocks-libev-redir.service ++++++
--- /var/tmp/diff_new_pack.6IN25s/_old 2021-11-22 23:05:03.589755712 +0100
+++ /var/tmp/diff_new_pack.6IN25s/_new 2021-11-22 23:05:03.589755712 +0100
@@ -4,6 +4,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/var/run/shadowsocks-libev-redir.pid
ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks/shadowsocks-libev-config.json
-f /var/run/shadowsocks-libev-redir.pid -u --fast-open
++++++ [email protected] ++++++
--- /var/tmp/diff_new_pack.6IN25s/_old 2021-11-22 23:05:03.625755591 +0100
+++ /var/tmp/diff_new_pack.6IN25s/_new 2021-11-22 23:05:03.625755591 +0100
@@ -4,6 +4,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/var/run/shadowsocks-libev-redir@%i.pid
ExecStart=/usr/bin/ss-redir -c /etc/shadowsocks/%i.json -f
/var/run/shadowsocks-libev-redir@%i.pid -u --fast-open
++++++ shadowsocks-libev-server.service ++++++
--- /var/tmp/diff_new_pack.6IN25s/_old 2021-11-22 23:05:03.641755537 +0100
+++ /var/tmp/diff_new_pack.6IN25s/_new 2021-11-22 23:05:03.641755537 +0100
@@ -4,6 +4,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/var/run/shadowsocks-libev-server.pid
ExecStart=/usr/bin/ss-server -c /etc/shadowsocks/shadowsocks-libev-config.json
-f /var/run/shadowsocks-libev-server.pid -u --fast-open
++++++ [email protected] ++++++
--- /var/tmp/diff_new_pack.6IN25s/_old 2021-11-22 23:05:03.657755484 +0100
+++ /var/tmp/diff_new_pack.6IN25s/_new 2021-11-22 23:05:03.661755470 +0100
@@ -4,6 +4,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/var/run/shadowsocks-libev-server@%i.pid
ExecStart=/usr/bin/ss-server -c /etc/shadowsocks/%i.json -f
/var/run/shadowsocks-libev-server@%i.pid -u --fast-open
++++++ shadowsocks-libev-tunnel.service ++++++
--- /var/tmp/diff_new_pack.6IN25s/_old 2021-11-22 23:05:03.689755376 +0100
+++ /var/tmp/diff_new_pack.6IN25s/_new 2021-11-22 23:05:03.689755376 +0100
@@ -4,6 +4,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/var/run/shadowsocks-libev-tunnel.pid
ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks/shadowsocks-libev-config.json
-f /var/run/shadowsocks-libev-tunnel.pid -u --fast-open
++++++ [email protected] ++++++
--- /var/tmp/diff_new_pack.6IN25s/_old 2021-11-22 23:05:03.709755309 +0100
+++ /var/tmp/diff_new_pack.6IN25s/_new 2021-11-22 23:05:03.709755309 +0100
@@ -4,6 +4,19 @@
After=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
PIDFile=/var/run/shadowsocks-libev-tunnel@%i.pid
ExecStart=/usr/bin/ss-tunnel -c /etc/shadowsocks/%i.json -f
/var/run/shadowsocks-libev-tunnel@%i.pid -u --fast-open
