Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package at for openSUSE:Factory checked in at 2021-10-20 20:22:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/at (Old) and /work/SRC/openSUSE:Factory/.at.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "at" Wed Oct 20 20:22:42 2021 rev:79 rq:925655 version:3.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/at/at.changes 2021-07-21 19:07:15.635383298 +0200 +++ /work/SRC/openSUSE:Factory/.at.new.1890/at.changes 2021-10-20 20:22:49.869324254 +0200 @@ -1,0 +2,8 @@ +Wed Aug 11 08:25:16 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s). Added patch(es): + * harden_atd.service.patch + Modified: + * atd.service + +------------------------------------------------------------------- New: ---- harden_atd.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ at.spec ++++++ --- /var/tmp/diff_new_pack.TvHd3Z/_old 2021-10-20 20:22:51.501325262 +0200 +++ /var/tmp/diff_new_pack.TvHd3Z/_new 2021-10-20 20:22:51.505325264 +0200 @@ -58,6 +58,7 @@ Patch28: at-adjust_load_to_cpu_count.patch # PATCH-FIX-UPSTREAM bnc#945124 kstreit...@suse.com -- don't loop on corrupt files and prevent their creation Patch29: at-3.1.16-handle_malformed_jobs.patch +Patch30: harden_atd.service.patch BuildRequires: autoconf >= 2.69 BuildRequires: automake BuildRequires: bison ++++++ atd.service ++++++ --- /var/tmp/diff_new_pack.TvHd3Z/_old 2021-10-20 20:22:51.589325316 +0200 +++ /var/tmp/diff_new_pack.TvHd3Z/_new 2021-10-20 20:22:51.589325316 +0200 @@ -3,6 +3,19 @@ After=nss-user-lookup.target time-sync.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/sbin/atd -f [Install] ++++++ harden_atd.service.patch ++++++ Index: at-3.2.2/atd.service.in =================================================================== --- at-3.2.2.orig/atd.service.in +++ at-3.2.2/atd.service.in @@ -4,6 +4,19 @@ Documentation=man:atd(8) After=remote-fs.target nss-user-lookup.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStartPre=-find @atjobdir@ -type f -name "=*" -not -newercc /run/systemd -delete ExecStart=@sbindir@/atd -f IgnoreSIGPIPE=false
