From 1c5d35883ce8dd3d556010617a77e3bd0ec6f3d1bc4d8f7ca364c6d9759d821e Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.com>
Date: Thu, 29 Jul 2021 12:00:41 +0000
Subject: [PATCH] Accepting request 908833 from
 home:jsegitz:branches:systemdhardening:multimedia:libs

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/908833
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/alsa-utils?expand=0&rev=196
---
 alsa-utils.changes  | 6 ++++++
 sound-extra.service | 9 +++++++++
 2 files changed, 15 insertions(+)

diff --git a/alsa-utils.changes b/alsa-utils.changes
index a09b0a9..6769f06 100644
--- a/alsa-utils.changes
+++ b/alsa-utils.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jul 28 07:46:26 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s). Modified:
+  * sound-extra.service
+
 -------------------------------------------------------------------
 Mon Jun 14 15:04:57 CEST 2021 - tiwai@suse.de
 
diff --git a/sound-extra.service b/sound-extra.service
index 8b5299f..33e9629 100644
--- a/sound-extra.service
+++ b/sound-extra.service
@@ -4,5 +4,14 @@ After=alsa-restore.service
 ConditionPathExists=/proc/asound
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
 Type=oneshot
 ExecStart=/usr/lib/systemd/scripts/load-sound-modules.sh