From 2ff0f62857de47bc3e8798d7b610665d7e8b85dbca38273db58be4692047ffbb Mon Sep 17 00:00:00 2001
From: Matwey Kornilov <matwey.kornilov@gmail.com>
Date: Sat, 18 Sep 2021 16:16:05 +0000
Subject: [PATCH] Accepting request 918929 from
 home:jsegitz:branches:systemdhardening:devel:languages:erlang:Factory

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/918929
OBS-URL: https://build.opensuse.org/package/show/devel:languages:erlang:Factory/erlang?expand=0&rev=116
---
 epmd.service   | 13 +++++++++++++
 erlang.changes |  6 ++++++
 2 files changed, 19 insertions(+)

diff --git a/epmd.service b/epmd.service
index 5e8e54f..a35ae54 100644
--- a/epmd.service
+++ b/epmd.service
@@ -4,6 +4,19 @@ After=network.target
 Requires=epmd.socket
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 ExecStart=/usr/bin/epmd -systemd
 #ExecStop=/usr/bin/epmd -kill
 Type=simple
diff --git a/erlang.changes b/erlang.changes
index 3f502d7..38a9a17 100644
--- a/erlang.changes
+++ b/erlang.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Sep 14 07:19:32 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * epmd.service
+
 -------------------------------------------------------------------
 Wed Aug 04 16:05:03 UTC 2021 - opensuse-packaging@opensuse.org