From fe8809231508272ad0e300b6bed7276bf7f574cd170cf78be9ad2b22856e3128 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez
Date: Tue, 21 Sep 2021 15:21:50 +0000
Subject: [PATCH] Accepting request 918946 from home:jsegitz:branches:systemdhardening:server:mail

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
OBS-URL: https://build.opensuse.org/request/show/918946
OBS-URL: https://build.opensuse.org/package/show/server:mail/fetchmail?expand=0&rev=119
---
 fetchmail.changes | 6 ++++++
 fetchmail.service | 11 +++++++++++
 2 files changed, 17 insertions(+)
diff --git a/fetchmail.changes b/fetchmail.changes
index 41739a2..759c936 100644
--- a/fetchmail.changes
+++ b/fetchmail.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Sep 14 08:55:42 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+ * fetchmail.service
+
 -------------------------------------------------------------------
 Tue Aug 24 16:50:40 UTC 2021 - Pedro Monreal
diff --git a/fetchmail.service b/fetchmail.service
index 8f093ad..f3bd5a4 100644
--- a/fetchmail.service
+++ b/fetchmail.service
@@ -3,6 +3,17 @@ Description=A remote-mail retrieval utility
 After=network.target
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 EnvironmentFile=-/etc/sysconfig/fetchmail
 User=fetchmail
 ExecStart=@LIBEXECDIR@/fetchmail-systemd-exec
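Review bot: The block added under `[Service]` in fetchmail.service limits kernel, clock, cgroup and device exposure only; nothing in it restricts privilege gain or filesystem writes, and the unit does not say whether that omission is deliberate. For a daemon that handles data from remote mail servers, `NoNewPrivileges=true`, `ProtectSystem=full` and `PrivateTmp=true` are the usual next candidates, but `NoNewPrivileges=` would presumably break a setuid/setgid MDA and `ProtectHome=` would hide mailboxes under /home, so each needs a delivery test first. Until that is done I would record the gap in the unit, e.g. `# NoNewPrivileges/ProtectSystem/ProtectHome not set: local delivery path unverified`. The commit message states the change was not tested, so `systemd-analyze security fetchmail.service` plus one fetch-and-deliver run on the built package is worth doing. The unit's `[Unit]` header starts before the hunk, and anything after `ExecStart=` lies outside it.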