Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package fcoe-utils for openSUSE:Factory checked in at 2021-09-21 21:12:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/fcoe-utils (Old) and /work/SRC/openSUSE:Factory/.fcoe-utils.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fcoe-utils" Tue Sep 21 21:12:17 2021 rev:22 rq:919892 version:1.0.34 Changes: -------- --- /work/SRC/openSUSE:Factory/fcoe-utils/fcoe-utils.changes 2021-04-01 14:16:05.155876379 +0200 +++ /work/SRC/openSUSE:Factory/.fcoe-utils.new.1899/fcoe-utils.changes 2021-09-21 21:12:23.638587834 +0200 @@ -1,0 +2,6 @@ +Tue Sep 14 08:23:41 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_fcoe.service.patch + +------------------------------------------------------------------- New: ---- harden_fcoe.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fcoe-utils.spec ++++++ --- /var/tmp/diff_new_pack.A73jVz/_old 2021-09-21 21:12:24.134588395 +0200 +++ /var/tmp/diff_new_pack.A73jVz/_new 2021-09-21 21:12:24.138588400 +0200 @@ -37,6 +37,7 @@ License: GPL-2.0-only Group: System/Daemons Source: %{name}-%{version}.tar.xz +Patch0: harden_fcoe.service.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %{?systemd_requires} @@ -47,6 +48,7 @@ %prep %setup -q +%patch0 -p1 %build autoreconf -vi ++++++ harden_fcoe.service.patch ++++++ Index: fcoe-utils-1.0.34/etc/systemd/fcoe.service =================================================================== --- fcoe-utils-1.0.34.orig/etc/systemd/fcoe.service +++ fcoe-utils-1.0.34/etc/systemd/fcoe.service @@ -3,6 +3,16 @@ Description=Open-FCoE initiator daemon After=syslog.target network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectClock=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=simple EnvironmentFile=/etc/fcoe/config ExecStartPre=/sbin/modprobe -qa $SUPPORTED_DRIVERS
