bitcoin/harden_bitcoind.service.patch

Index: bitcoin-24.0.1/contrib/init/bitcoind.service
===================================================================
--- bitcoin-24.0.1.orig/contrib/init/bitcoind.service
+++ bitcoin-24.0.1/contrib/init/bitcoind.service
@@ -74,6 +74,16 @@ NoNewPrivileges=true
 # Use a new /dev namespace only populated with API pseudo devices
 # such as /dev/null, /dev/zero and /dev/random.
 PrivateDevices=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 
 # Deny the creation of writable and executable memory mappings.
 MemoryDenyWriteExecute=true
Accepting request 1043940 from home:amanzini:branches:network:cryptocurrencies - Update to version 24.0.1 changelogs: * https://bitcoincore.org/en/releases/24.0.1/ * https://bitcoincore.org/en/releases/23.0/ * https://bitcoincore.org/en/releases/22.1/ - fixed upstream version number change: it's not 0.x anymore` OBS-URL: https://build.opensuse.org/request/show/1043940 OBS-URL: https://build.opensuse.org/package/show/network:cryptocurrencies/bitcoin?expand=0&rev=49 2022-12-21 10:47:13 +01:00			`Index: bitcoin-24.0.1/contrib/init/bitcoind.service`
Accepting request 914548 from home:jsegitz:branches:systemdhardening:network:cryptocurrencies - Added hardening to systemd service(s). Added patch(es): * harden_bitcoind.service.patch Modified: * bitcoind.service OBS-URL: https://build.opensuse.org/request/show/914548 OBS-URL: https://build.opensuse.org/package/show/network:cryptocurrencies/bitcoin?expand=0&rev=42 2021-08-27 17:22:13 +02:00			`===================================================================`
Accepting request 1043940 from home:amanzini:branches:network:cryptocurrencies - Update to version 24.0.1 changelogs: * https://bitcoincore.org/en/releases/24.0.1/ * https://bitcoincore.org/en/releases/23.0/ * https://bitcoincore.org/en/releases/22.1/ - fixed upstream version number change: it's not 0.x anymore` OBS-URL: https://build.opensuse.org/request/show/1043940 OBS-URL: https://build.opensuse.org/package/show/network:cryptocurrencies/bitcoin?expand=0&rev=49 2022-12-21 10:47:13 +01:00			`--- bitcoin-24.0.1.orig/contrib/init/bitcoind.service`
			`+++ bitcoin-24.0.1/contrib/init/bitcoind.service`
			`@@ -74,6 +74,16 @@ NoNewPrivileges=true`
Accepting request 914548 from home:jsegitz:branches:systemdhardening:network:cryptocurrencies - Added hardening to systemd service(s). Added patch(es): * harden_bitcoind.service.patch Modified: * bitcoind.service OBS-URL: https://build.opensuse.org/request/show/914548 OBS-URL: https://build.opensuse.org/package/show/network:cryptocurrencies/bitcoin?expand=0&rev=42 2021-08-27 17:22:13 +02:00			`# Use a new /dev namespace only populated with API pseudo devices`
			`# such as /dev/null, /dev/zero and /dev/random.`
			`PrivateDevices=true`
			`+# added automatically, for details please see`
			`+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort`
			`+ProtectHostname=true`
			`+ProtectClock=true`
			`+ProtectKernelTunables=true`
			`+ProtectKernelModules=true`
			`+ProtectKernelLogs=true`
			`+ProtectControlGroups=true`
			`+RestrictRealtime=true`
			`+# end of automatic additions`

			`# Deny the creation of writable and executable memory mappings.`
			`MemoryDenyWriteExecute=true`