commit vhostmd for openSUSE:Factory

Mon, 10 Jan 2022 14:54:41 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package vhostmd for openSUSE:Factory checked 
in at 2022-01-10 23:53:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/vhostmd (Old)
 and      /work/SRC/openSUSE:Factory/.vhostmd.new.1892 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "vhostmd"

Mon Jan 10 23:53:51 2022 rev:32 rq:945374 version:1.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/vhostmd/vhostmd.changes  2020-02-04 
19:54:12.225351362 +0100
+++ /work/SRC/openSUSE:Factory/.vhostmd.new.1892/vhostmd.changes        
2022-01-10 23:54:27.712849490 +0100
@@ -1,0 +2,6 @@
+Wed Jan  5 08:45:27 UTC 2022 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service (bsc#1181400)
+  harden_vhostmd.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_vhostmd.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ vhostmd.spec ++++++
--- /var/tmp/diff_new_pack.0Yydz9/_old  2022-01-10 23:54:28.080849813 +0100
+++ /var/tmp/diff_new_pack.0Yydz9/_new  2022-01-10 23:54:28.084849816 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package vhostmd
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -37,6 +37,7 @@
 Patch2:         value-newline.patch
 Patch3:         libmetrics-link.patch
 Patch4:         relax-virtio-config-requirement.patch
+Patch5:         harden_vhostmd.service.patch
 BuildRequires:  libtool
 BuildRequires:  libvirt-devel
 BuildRequires:  libxml2
@@ -89,6 +90,7 @@
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
 
 %build
 %if ! %{with_xen}

++++++ harden_vhostmd.service.patch ++++++
Index: vhostmd-1.1/vhostmd.service
===================================================================
--- vhostmd-1.1.orig/vhostmd.service
+++ vhostmd-1.1/vhostmd.service
@@ -4,6 +4,17 @@ After=libvirtd.service
 Documentation=man:vhostmd(8)
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=forking
 ExecStart=/usr/sbin/vhostmd
 ExecReload=/bin/kill -HUP $MAINPID

Reply via email to