From 5a1756a5b648083a8fc0d169e4b639f27bf1c5b1eec07a10fdcc5aae90b13ba7 Mon Sep 17 00:00:00 2001
From: Takashi Iwai
Date: Sat, 18 Sep 2021 14:36:29 +0000
Subject: [PATCH] Accepting request 919467 from home:jsegitz:branches:systemdhardening:M17N Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
OBS-URL: https://build.opensuse.org/request/show/919467
OBS-URL: https://build.opensuse.org/package/show/M17N/fwnn?expand=0&rev=31
---
 fcwnn.service | 13 +++++++++++++
 fkwnn.service | 13 +++++++++++++
 ftwnn.service | 13 +++++++++++++
 fwnn.changes | 9 +++++++++
 fwnn.service | 13 +++++++++++++
 5 files changed, 61 insertions(+)
diff --git a/fcwnn.service b/fcwnn.service
index 91ad676..681b1fe 100644
--- a/fcwnn.service
+++ b/fcwnn.service
@@ -3,6 +3,19 @@ ConditionPathExists=/etc/FreeWnn/zh_CN/cserverrc
 Description=Free Wnn (mainland) Chinese Server, for input of simplified Chinese
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Type=forking
 User=wnn
 ExecStartPre=/bin/rm -f /tmp/cd_sockV4
diff --git a/fkwnn.service b/fkwnn.service
index d394412..1419002 100644
--- a/fkwnn.service
+++ b/fkwnn.service
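Review bot: The generated block in `[Service]` omits `PrivateTmp=` without saying why, and the context line `ExecStartPre=/bin/rm -f /tmp/cd_sockV4` suggests the reason: the server's socket appears to live in the shared `/tmp`, so a private `/tmp` would cut clients off from it. I would record that beside the additions, e.g. `# PrivateTmp= deliberately not set: clients reach the server through its socket in /tmp (confirm)`, so a later hardening pass does not add it blindly. Because the commit message states the change was not tested, each unit should be started once with a client connected and scored with `systemd-analyze security fcwnn.service` before release; whether `ProtectSystem=full` leaves the server's dictionary directory writable cannot be judged from the hunk. A fixed socket name in world-writable `/tmp` also stays outside what these options protect, and moving it under a `RuntimeDirectory=` would be the longer-term fix, though that presumably needs client-side changes not visible here. The same applies to the identical hunks for fkwnn.service, ftwnn.service and fwnn.service, and the `[Service]` section continues past the end of each hunk.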
@@ -3,6 +3,19 @@ ConditionPathExists=/etc/FreeWnn/ko_KR/kserverrc
 Description=Free Wnn Korean Server, for input of Korean
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Type=forking
 User=wnn
 ExecStartPre=/bin/rm -f /tmp/kd_sockV4
diff --git a/ftwnn.service b/ftwnn.service
index 24510eb..5e35c8c 100644
--- a/ftwnn.service
+++ b/ftwnn.service
@@ -3,6 +3,19 @@ ConditionPathExists=/etc/FreeWnn/zh_TW/tserverrc
 Description=Free Wnn Taiwan-Chinese Server, for input of traditional Chinese
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Type=forking
 User=wnn
 ExecStartPre=/bin/rm -f /tmp/td_sockV4
diff --git a/fwnn.changes b/fwnn.changes
index 24bc691..0143ad9 100644
--- a/fwnn.changes
+++ b/fwnn.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Thu Sep 16 07:16:15 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+ * fcwnn.service
+ * fkwnn.service
+ * ftwnn.service
+ * fwnn.service
+
 -------------------------------------------------------------------
 Wed Aug 21 13:31:28 UTC 2019 - Berthold Gunreben
diff --git a/fwnn.service b/fwnn.service
index 55696c1..eac41ae 100644
--- a/fwnn.service
+++ b/fwnn.service
@@ -3,6 +3,19 @@ ConditionPathExists=/etc/FreeWnn/ja/jserverrc
 Description=Free Wnn Kanji Server used for input of Japanese
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
 Type=forking
 User=wnn
 ExecStartPre=/bin/rm -f /tmp/jd_sockV4