Hello community,

here is the log from the commit of package xrootd for openSUSE:Factory checked in at 2022-01-20 00:12:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/xrootd (Old)
 and      /work/SRC/openSUSE:Factory/.xrootd.new.1892 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "xrootd" Thu Jan 20 00:12:24 2022 rev:22 rq:947399 version:4.12.8 Changes: -------- --- /work/SRC/openSUSE:Factory/xrootd/xrootd.changes 2021-07-21 19:07:53.283448727 +0200 +++ /work/SRC/openSUSE:Factory/.xrootd.new.1892/xrootd.changes 2022-01-20 00:13:18.578626401 +0100 @@ -1,0 +2,9 @@ +Mon Jan 10 12:39:14 UTC 2022 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_cmsd@.service.patch + * harden_frm_purged@.service.patch + * harden_frm_xfrd@.service.patch + * harden_xrootd@.service.patch + +------------------------------------------------------------------- New: ---- harden_cmsd@.service.patch harden_frm_purged@.service.patch harden_frm_xfrd@.service.patch harden_xrootd@.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ xrootd.spec ++++++ --- /var/tmp/diff_new_pack.D4Djzg/_old 2022-01-20 00:13:18.970626717 +0100 +++ /var/tmp/diff_new_pack.D4Djzg/_new 2022-01-20 00:13:18.974626721 +0100 @@ -36,6 +36,10 @@ URL: http://xrootd.org/ Source0: https://github.com/xrootd/xrootd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source100: xrootd-rpmlintrc +Patch0: harden_cmsd@.service.patch +Patch1: harden_frm_purged@.service.patch +Patch2: harden_frm_xfrd@.service.patch +Patch3: harden_xrootd@.service.patch BuildRequires: cmake >= 2.8 BuildRequires: doxygen BuildRequires: fdupes ++++++ harden_cmsd@.service.patch ++++++ Index: xrootd-4.12.8/packaging/common/cmsd@.service =================================================================== --- xrootd-4.12.8.orig/packaging/common/cmsd@.service +++ xrootd-4.12.8/packaging/common/cmsd@.service 
@@ -6,6 +6,17 @@ Requires=network-online.target After=network-online.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/bin/cmsd -l /var/log/xrootd/cmsd.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /var/run/xrootd/cmsd-%i.pid -n %i User=xrootd Group=xrootd ++++++ harden_frm_purged@.service.patch ++++++ Index: xrootd-4.12.8/packaging/common/frm_purged@.service =================================================================== --- xrootd-4.12.8.orig/packaging/common/frm_purged@.service +++ xrootd-4.12.8/packaging/common/frm_purged@.service @@ -6,6 +6,17 @@ Requires=network-online.target After=network-online.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/bin/frm_purged -l /var/log/xrootd/frm_purged.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /var/run/xrootd/frm_purged-%i.pid -n %i User=xrootd Group=xrootd ++++++ harden_frm_xfrd@.service.patch ++++++ Index: xrootd-4.12.8/packaging/common/frm_xfrd@.service =================================================================== --- xrootd-4.12.8.orig/packaging/common/frm_xfrd@.service +++ xrootd-4.12.8/packaging/common/frm_xfrd@.service 
@@ -6,6 +6,17 @@ Requires=network-online.target After=network-online.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/bin/frm_xfrd -l /var/log/xrootd/frm_xfrd.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /var/run/xrootd/frm_xfrd-%i.pid -n %i User=xrootd Group=xrootd ++++++ harden_xrootd@.service.patch ++++++ Index: xrootd-4.12.8/packaging/common/xrootd@.service =================================================================== --- xrootd-4.12.8.orig/packaging/common/xrootd@.service +++ xrootd-4.12.8/packaging/common/xrootd@.service @@ -6,6 +6,17 @@ Requires=network-online.target After=network-online.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions ExecStart=/usr/bin/xrootd -l /var/log/xrootd/xrootd.log -c /etc/xrootd/xrootd-%i.cfg -k fifo -s /var/run/xrootd/xrootd-%i.pid -n %i User=xrootd Group=xrootd
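Review bot: In the xrootd.spec hunk (@@ -36,6 +36,10 @@), Patch0 through Patch3 are declared but nothing in this diff applies them, and it is the only spec hunk shown. Unless %prep already uses %autosetup or %autopatch, the four harden_*@.service.patch files end up in the source package without ever touching the unit files, and the hardening silently does not ship. Please confirm, and if %prep uses plain %setup, add the matching %patch0 -p1 through %patch3 -p1 lines. The patches carry xrootd-4.12.8/ and xrootd-4.12.8.orig/ path prefixes, so strip level 1 is the one that fits.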
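Review bot: In the four @.service hunks (cmsd, frm_purged, frm_xfrd, xrootd), the added block restricts device, kernel, clock, hostname and cgroup interfaces but leaves filesystem access and privilege escalation unrestricted: none of ProtectSystem=, ProtectHome=, PrivateTmp= or NoNewPrivileges= is set. The ExecStart lines in the context show the daemons writing to /var/log/xrootd and /var/run/xrootd and running as User=xrootd, so those directives look like reasonable candidates for a follow-up. The data paths come from /etc/xrootd/xrootd-%i.cfg, which is not visible here, so a ProtectSystem=strict setting would need ReadWritePaths= entries for whatever that file configures, tested per daemon. Running systemd-analyze security against an instance of each unit shows what remains exposed after this change.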