Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package redfish-finder for openSUSE:Factory checked in at 2022-02-18 23:03:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/redfish-finder (Old) and /work/SRC/openSUSE:Factory/.redfish-finder.new.1958 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "redfish-finder" Fri Feb 18 23:03:08 2022 rev:4 rq:955868 version:0.4 Changes: -------- --- /work/SRC/openSUSE:Factory/redfish-finder/redfish-finder.changes 2021-03-03 18:35:18.983395309 +0100 +++ /work/SRC/openSUSE:Factory/.redfish-finder.new.1958/redfish-finder.changes 2022-02-18 23:03:49.677408695 +0100 @@ -1,0 +2,6 @@ +Mon Nov 15 12:56:45 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_redfish-finder.service.patch + +------------------------------------------------------------------- New: ---- harden_redfish-finder.service.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ redfish-finder.spec ++++++ --- /var/tmp/diff_new_pack.J2kiiz/_old 2022-02-18 23:03:50.289408648 +0100 +++ /var/tmp/diff_new_pack.J2kiiz/_new 2022-02-18 23:03:50.297408647 +0100 @@ -27,6 +27,7 @@ Patch0: python_path.patch # PATCH-FIX_UPSTREAM: https://github.com/nhorman/redfish-finder/pull/3 Patch1: fix_parsing_HostConfig_for_dhcp.patch +Patch2: harden_redfish-finder.service.patch BuildRequires: python3 Requires: NetworkManager @@ -44,6 +45,7 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 %build #noop here ++++++ harden_redfish-finder.service.patch ++++++ Index: redfish-finder-0.4/redfish-finder.service =================================================================== --- redfish-finder-0.4.orig/redfish-finder.service +++ redfish-finder-0.4/redfish-finder.service @@ -3,6 +3,17 @@ Description=Redfish host api discovery s After=network.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +ProtectHostname=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot ExecStart=/usr/bin/redfish-finder ExecStop=/usr/bin/redfish-finder --shutdown
