commit efdb35ba76077c15054efa3c170c13ce303f284d
Author: Nicolas Morey <nmorey@suse.com>
Date:   Thu Sep 5 14:40:33 2024 +0200

    harden vma.service

diff --git contrib/scripts/vma.service.in contrib/scripts/vma.service.in
index e6f5a25b7e00..86d40487ab24 100644
--- contrib/scripts/vma.service.in
+++ contrib/scripts/vma.service.in
@@ -3,6 +3,19 @@ Description=VMA Daemon
 After=network.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=forking
 Restart=on-failure
 ExecStart=@prefix@/sbin/vmad