From dde4368528ce48cefdd4e1984daff5a48499b5bc87454a099ddcf47a2a5fdf27 Mon Sep 17 00:00:00 2001
From: Matej Cepl <mcepl@suse.com>
Date: Tue, 14 Sep 2021 15:15:13 +0000
Subject: [PATCH] Accepting request 918927 from
 home:jsegitz:branches:systemdhardening:Education

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/918927
OBS-URL: https://build.opensuse.org/package/show/Education/dictd?expand=0&rev=23
---
 dictd.changes |  6 ++++++
 dictd.service | 13 +++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/dictd.changes b/dictd.changes
index bcc8dec..b53db23 100644
--- a/dictd.changes
+++ b/dictd.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Sep 13 13:57:00 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * dictd.service
+
 -------------------------------------------------------------------
 Mon Mar 30 12:37:41 UTC 2020 - Matej Cepl <mcepl@suse.com>
 
diff --git a/dictd.service b/dictd.service
index ae65a5d..739f801 100644
--- a/dictd.service
+++ b/dictd.service
@@ -3,6 +3,19 @@ Description=Dictd Dictionary Server Daemon
 After=network.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=forking
 ExecStart=/usr/sbin/dictd --listen-to 127.0.0.1