From bea9fda6b3967accc32c1ab6352a145aba273d5f50d3285080d724410daf1a48 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.com>
Date: Fri, 27 Aug 2021 11:47:43 +0000
Subject: [PATCH] Accepting request 914364 from
 home:jsegitz:branches:systemdhardening:network:utilities

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/914364
OBS-URL: https://build.opensuse.org/package/show/network:utilities/bwbar?expand=0&rev=11
---
 bwbar.changes |  6 ++++++
 bwbar.service | 13 +++++++++++++
 bwbar.spec    |  8 ++++----
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/bwbar.changes b/bwbar.changes
index 52d5b6e..c94aa59 100644
--- a/bwbar.changes
+++ b/bwbar.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Aug 25 11:42:40 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s). Modified:
+  * bwbar.service
+
 -------------------------------------------------------------------
 Thu Nov 23 13:45:50 UTC 2017 - rbrown@suse.com
 
diff --git a/bwbar.service b/bwbar.service
index a4beba9..3a2de42 100644
--- a/bwbar.service
+++ b/bwbar.service
@@ -3,6 +3,19 @@ Description=Bandwith Usage Monitor
 After=network.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 EnvironmentFile=/etc/sysconfig/bwbar
 ExecStart=/usr/bin/bwbar \
 	--${BWBAR_MEASURE} \
diff --git a/bwbar.spec b/bwbar.spec
index b1f434e..3e24a03 100644
--- a/bwbar.spec
+++ b/bwbar.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package bwbar
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -24,9 +24,9 @@
 Name:           bwbar
 BuildRequires:  gcc-c++
 BuildRequires:  libpng-devel
-Url:            http://www.kernel.org/pub/software/web/bwbar/
+URL:            http://www.kernel.org/pub/software/web/bwbar/
 Summary:        Bandwidth usage bar
-License:        GPL-2.0+
+License:        GPL-2.0-or-later
 Group:          Productivity/Networking/Other
 Version:        1.2.3 
 Release:        0