commit sysstat for openSUSE:Factory

Wed, 01 Dec 2021 17:27:33 -0800 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package sysstat for openSUSE:Factory checked 
in at 2021-12-01 20:46:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sysstat (Old)
 and      /work/SRC/openSUSE:Factory/.sysstat.new.31177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "sysstat"

Wed Dec  1 20:46:58 2021 rev:97 rq:934592 version:12.4.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/sysstat/sysstat.changes  2021-10-18 
21:58:16.229923354 +0200
+++ /work/SRC/openSUSE:Factory/.sysstat.new.31177/sysstat.changes       
2021-12-02 02:27:23.016165856 +0100
@@ -1,0 +2,6 @@
+Wed Nov 24 12:33:59 UTC 2021 - Johannes Segitz <jseg...@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_sysstat.service.patch
+
+-------------------------------------------------------------------

New:
----
  harden_sysstat.service.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ sysstat.spec ++++++
--- /var/tmp/diff_new_pack.d88lZ3/_old  2021-12-02 02:27:23.476164269 +0100
+++ /var/tmp/diff_new_pack.d88lZ3/_new  2021-12-02 02:27:23.476164269 +0100
@@ -33,6 +33,7 @@
 Patch2:         sysstat-8.0.4-pagesize.diff
 # PATCH-FIX-OPENSUSE bsc#1151453
 Patch3:         sysstat-service.patch
+Patch4:         harden_sysstat.service.patch
 BuildRequires:  findutils
 BuildRequires:  gettext-runtime
 BuildRequires:  pkgconfig
@@ -75,6 +76,7 @@
 cp %{SOURCE1} .
 # remove date and time from objects
 find ./ -name \*.c -exec sed -i -e 's: " compiled " __DATE__ " " __TIME__::g' 
{} \;
+%patch4 -p1
 
 %build
 export conf_dir="%{_sysconfdir}/sysstat"

++++++ harden_sysstat.service.patch ++++++
Index: sysstat-12.4.3/sysstat.service.in
===================================================================
--- sysstat-12.4.3.orig/sysstat.service.in
+++ sysstat-12.4.3/sysstat.service.in
@@ -10,6 +10,17 @@ Description=Resets System Activity Logs
 After=remote-fs.target local-fs.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=oneshot
 RemainAfterExit=yes
 User=@CRON_OWNER@

Reply via email to