Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package varnish for openSUSE:Factory checked in at 2021-12-01 20:47:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/varnish (Old) and /work/SRC/openSUSE:Factory/.varnish.new.31177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "varnish" Wed Dec 1 20:47:32 2021 rev:36 rq:935002 version:6.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/varnish/varnish.changes 2021-08-06 22:45:43.745969665 +0200 +++ /work/SRC/openSUSE:Factory/.varnish.new.31177/varnish.changes 2021-12-02 02:28:06.440016014 +0100 @@ -1,0 +2,7 @@ +Wed Dec 1 10:27:19 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * varnish.service + * varnishlog.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ varnish.service ++++++ --- /var/tmp/diff_new_pack.B8ZGBg/_old 2021-12-02 02:28:06.916014371 +0100 +++ /var/tmp/diff_new_pack.B8ZGBg/_new 2021-12-02 02:28:06.916014371 +0100 @@ -3,6 +3,19 @@ After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions EnvironmentFile=/etc/sysconfig/varnish PIDFile=/var/run/varnishd.pid ExecStart=/usr/sbin/varnishd -P /var/run/varnishd.pid -F $VARNISHD_PARAMS ++++++ varnishlog.service ++++++ --- /var/tmp/diff_new_pack.B8ZGBg/_old 2021-12-02 02:28:06.952014247 +0100 +++ /var/tmp/diff_new_pack.B8ZGBg/_new 2021-12-02 02:28:06.952014247 +0100 @@ -4,6 +4,19 @@ #After= is not required [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions EnvironmentFile=/etc/sysconfig/varnish PIDFile=/var/run/varnishlog.pid ExecStart=/usr/sbin/varnishncsa -P /var/run/varnishlog.pid $VARNISHLOG_PARAMS
