Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package numad for openSUSE:Factory checked in at 2021-10-23 00:50:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/numad (Old) and /work/SRC/openSUSE:Factory/.numad.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "numad" Sat Oct 23 00:50:24 2021 rev:6 rq:926523 version:0.5.20130522 Changes: -------- --- /work/SRC/openSUSE:Factory/numad/numad.changes 2019-06-26 16:01:19.815403869 +0200 +++ /work/SRC/openSUSE:Factory/.numad.new.1890/numad.changes 2021-10-23 00:50:44.877126497 +0200 @@ -1,0 +2,6 @@ +Fri Oct 15 07:27:14 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_numad.service.patch + +------------------------------------------------------------------- New: ---- harden_numad.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ numad.spec ++++++ --- /var/tmp/diff_new_pack.PODAKp/_old 2021-10-23 00:50:45.325126597 +0200 +++ /var/tmp/diff_new_pack.PODAKp/_new 2021-10-23 00:50:45.329126598 +0200 @@ -1,7 +1,7 @@ # # spec file for package numad # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,14 +12,14 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: numad -Url: http://git.fedorahosted.org/git/numad.git +URL: http://git.fedorahosted.org/git/numad.git Summary: Userspace daemon that automatically binds workloads to NUMA nodes -License: LGPL-2.1 +License: LGPL-2.1-only Group: System/Daemons Version: 0.5.20130522 Release: 0 @@ -32,6 +32,7 @@ Patch5: numad-rpm-opt-flags.patch Patch6: numad-opensuse-systemd.patch Patch7: numad-systemd-simple-type.patch +Patch8: harden_numad.service.patch %if 0%{?suse_version} > 1140 BuildRequires: pkgconfig(systemd) @@ -62,6 +63,7 @@ %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %build make OPT_CFLAGS="$RPM_OPT_FLAGS" %{?_smp_mflags} ++++++ harden_numad.service.patch ++++++ Index: numad-0.5.20130522/numad.service =================================================================== --- numad-0.5.20130522.orig/numad.service +++ numad-0.5.20130522/numad.service @@ -2,6 +2,15 @@ Description=numad - The NUMA daemon that manages application locality. [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelModules=true +ProtectKernelLogs=true +RestrictRealtime=true +# end of automatic additions Type=simple EnvironmentFile=/etc/numad.conf ExecStart=/usr/sbin/numad -i $INTERVAL -F
