Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tgt for openSUSE:Factory checked in at 2021-11-27 00:51:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tgt (Old) and /work/SRC/openSUSE:Factory/.tgt.new.1895 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tgt" Sat Nov 27 00:51:46 2021 rev:38 rq:934122 version:1.0.74 Changes: -------- --- /work/SRC/openSUSE:Factory/tgt/tgt.changes 2021-02-01 13:30:01.098272498 +0100 +++ /work/SRC/openSUSE:Factory/.tgt.new.1895/tgt.changes 2021-11-27 00:52:41.242519702 +0100 @@ -1,0 +2,8 @@ +Wed Nov 24 15:09:05 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_tgtd.service.patch + Modified: + * tgtd.service + +------------------------------------------------------------------- New: ---- harden_tgtd.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tgt.spec ++++++ --- /var/tmp/diff_new_pack.HPZvcH/_old 2021-11-27 00:52:41.722518045 +0100 +++ /var/tmp/diff_new_pack.HPZvcH/_new 2021-11-27 00:52:41.726518031 +0100 @@ -35,6 +35,7 @@ Patch2: setup-tgt-conf-d.patch Patch3: %{name}-include-sys-macros-for-major.patch Patch4: %{name}-Fix-gcc7-string-truncation-warnings.patch +Patch5: harden_tgtd.service.patch BuildRequires: docbook-xsl-stylesheets BuildRequires: libaio-devel BuildRequires: libxslt @@ -59,6 +60,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 %build %ifarch ppc ppc64 ppc64le ++++++ harden_tgtd.service.patch ++++++ Index: tgt-1.0.74/scripts/tgtd.service =================================================================== --- tgt-1.0.74.orig/scripts/tgtd.service +++ tgt-1.0.74/scripts/tgtd.service @@ -9,6 +9,15 @@ After=network.target ConditionPathExists=/etc/tgt/targets.conf [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelLogs=true +RestrictRealtime=true +# end of automatic additions Type=forking Environment=TGTD_CONFIG=/etc/tgt/targets.conf ++++++ tgtd.service ++++++ --- /var/tmp/diff_new_pack.HPZvcH/_old 2021-11-27 00:52:41.818517713 +0100 +++ /var/tmp/diff_new_pack.HPZvcH/_new 2021-11-27 00:52:41.818517713 +0100 @@ -3,6 +3,15 @@ After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelLogs=true +RestrictRealtime=true +# end of automatic additions EnvironmentFile=-/etc/sysconfig/tgt Type=forking User=root
