From 39cda581d8e5fe94107aa5fe0cae8f900e5363ee762a366c94feae82556f1794 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Tue, 7 Sep 2021 19:12:22 +0000 Subject: [PATCH] Accepting request 914396 from home:jsegitz:branches:systemdhardening:games Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features\#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/914396 OBS-URL: https://build.opensuse.org/package/show/games/bzflag?expand=0&rev=34
---
 bzflag.changes | 6 ++++++ bzflagserver.service | 13 +++++++++++++ 2 files changed, 19 insertions(+)
diff --git a/bzflag.changes b/bzflag.changes
index 61b46d2..1899fa6 100644
--- a/bzflag.changes
+++ b/bzflag.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Aug 26 11:36:28 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s). Modified:
+ * bzflagserver.service
+
 -------------------------------------------------------------------
 Sun Feb 28 16:06:59 UTC 2021 - Martin Hauke
diff --git a/bzflagserver.service b/bzflagserver.service
index 8e14175..4c893a2 100644
--- a/bzflagserver.service
+++ b/bzflagserver.service
@@ -9,6 +9,19 @@ Wants=remote-fs.target
 Wants=syslog.socket
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Type=forking
 Restart=no
 TimeoutSec=5min
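Review bot: The block added under `[Service]` in bzflagserver.service stops at the generic namespace protections and leaves what is presumably a network-facing game server without `NoNewPrivileges=true`, `PrivateTmp=true` or a `RestrictAddressFamilies=` allow-list, which are the directives that most directly limit what a compromised daemon can do. Because the commit message says the change was not tested, the unit should be started once and scored with `systemd-analyze security bzflagserver.service` before tightening further; `ProtectHome=true` in particular would break a setup that loads world or configuration files from a home directory. `ProtectSystem=full` still leaves `/var` writable, so `ProtectSystem=strict` with explicit `ReadWritePaths=` would be tighter once the server's writable paths are known. The `[Service]` section continues past the hunk, so `User=` and `ExecStart=` are not visible here and part of this may already be covered.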