Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package privoxy for openSUSE:Factory checked in at 2021-10-26 20:14:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/privoxy (Old) and /work/SRC/openSUSE:Factory/.privoxy.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "privoxy" Tue Oct 26 20:14:12 2021 rev:55 rq:927525 version:3.0.32 Changes: -------- --- /work/SRC/openSUSE:Factory/privoxy/privoxy.changes 2021-10-23 00:51:32.357137207 +0200 +++ /work/SRC/openSUSE:Factory/.privoxy.new.1890/privoxy.changes 2021-10-26 20:14:57.390049829 +0200 @@ -1,0 +2,6 @@ +Wed Oct 20 11:46:24 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * privoxy.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ privoxy.service ++++++ --- /var/tmp/diff_new_pack.HMnSBs/_old 2021-10-26 20:14:58.046050175 +0200 +++ /var/tmp/diff_new_pack.HMnSBs/_new 2021-10-26 20:14:58.046050175 +0200 @@ -3,6 +3,19 @@ After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking PIDFile=/run/privoxy.pid ExecStartPre=-/usr/bin/cp -upf /etc/resolv.conf /etc/host.conf /etc/hosts /etc/localtime /var/lib/privoxy/etc/
