frr/harden_frr.service.patch

Index: frr-frr-8.1/tools/frr.service.in
===================================================================
--- frr-frr-8.1.orig/tools/frr.service.in
+++ frr-frr-8.1/tools/frr.service.in
@@ -7,6 +7,16 @@ Before=network.target
 OnFailure=heartbeat-failed@%n
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ReadWritePaths=/etc/frr
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Nice=-5
 Type=forking
 NotifyAccess=all
Index: frr-frr-8.1/tools/frr@.service.in
===================================================================
--- frr-frr-8.1.orig/tools/frr@.service.in
+++ frr-frr-8.1/tools/frr@.service.in
@@ -7,6 +7,16 @@ Before=network.target
 OnFailure=heartbeat-failed@%n
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ReadWritePaths=/etc/frr
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Nice=-5
 Type=forking
 NotifyAccess=all