Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package syslogd for openSUSE:Factory checked in at 2021-11-27 00:50:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/syslogd (Old) and /work/SRC/openSUSE:Factory/.syslogd.new.1895 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "syslogd" Sat Nov 27 00:50:49 2021 rev:95 rq:933491 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/syslogd/syslogd.changes 2020-12-03 18:42:24.566133866 +0100 +++ /work/SRC/openSUSE:Factory/.syslogd.new.1895/syslogd.changes 2021-11-27 00:51:33.706752885 +0100 @@ -1,0 +2,8 @@ +Wed Nov 24 10:22:12 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * klog.service + * klogd.service + * syslogd.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ klog.service ++++++ --- /var/tmp/diff_new_pack.tA59jp/_old 2021-11-27 00:51:34.538750012 +0100 +++ /var/tmp/diff_new_pack.tA59jp/_new 2021-11-27 00:51:34.538750012 +0100 @@ -25,6 +25,19 @@ ConditionPathIsDirectory=/var/log [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot StandardError=tty StandardOutput=tty ++++++ klogd.service ++++++ --- /var/tmp/diff_new_pack.tA59jp/_old 2021-11-27 00:51:34.558749943 +0100 +++ /var/tmp/diff_new_pack.tA59jp/_new 2021-11-27 00:51:34.558749943 +0100 @@ -26,6 +26,19 @@ RefuseManualStart=true [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple StandardOutput=syslog StandardError=syslog ++++++ syslogd.service ++++++ --- /var/tmp/diff_new_pack.tA59jp/_old 2021-11-27 00:51:34.690749487 +0100 +++ /var/tmp/diff_new_pack.tA59jp/_new 2021-11-27 00:51:34.694749473 +0100 @@ -24,6 +24,19 @@ Before=klogd.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=notify Sockets=syslog.socket StandardOutput=null
