diff --git a/gammu.changes b/gammu.changes index 8ed454f..b707733 100644 --- a/gammu.changes +++ b/gammu.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Fri Oct 15 07:32:06 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Added patch(es): + * harden_gammu-smsd.service.patch + ------------------------------------------------------------------- Tue Apr 6 09:39:34 UTC 2021 - Martin Hauke diff --git a/gammu.spec b/gammu.spec index 0a011f8..904de70 100644 --- a/gammu.spec +++ b/gammu.spec @@ -31,6 +31,7 @@ Patch1: gammu-remove-gplv3-files.patch Patch2: 0001-Enable-fPIE-pie.patch Patch3: 0001-Update-Python-scripts-to-Python-3.patch Patch4: 0001-Docs-Adjust-attributes-order-to-avoid-bugs-in-breath.patch +Patch5: harden_gammu-smsd.service.patch BuildRequires: cmake >= 2.8 BuildRequires: doxygen BuildRequires: gettext @@ -189,6 +190,7 @@ This package contains the Gammu SMS daemon shared library. %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 # GPL-3.0 licensed files, bnc#775397 rm -rf contrib/sms-gammu2android diff --git a/harden_gammu-smsd.service.patch b/harden_gammu-smsd.service.patch new file mode 100644 index 0000000..86ee1a9 --- /dev/null +++ b/harden_gammu-smsd.service.patch @@ -0,0 +1,21 @@ +Index: gammu-1.42.0/contrib/init/gammu-smsd.service +=================================================================== +--- gammu-1.42.0.orig/contrib/init/gammu-smsd.service ++++ gammu-1.42.0/contrib/init/gammu-smsd.service +@@ -4,6 +4,16 @@ Documentation=man:gammu-smsd(1) + After=mysql.service postgresql.service network-online.target + + [Service] ++# added automatically, for details please see ++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort ++ProtectSystem=full ++ProtectHostname=true ++ProtectKernelTunables=true ++ProtectKernelModules=true ++ProtectKernelLogs=true ++ProtectControlGroups=true ++RestrictRealtime=true ++# end of automatic additions + EnvironmentFile=-/etc/sysconfig/gammu-smsd + # Run daemon as root user + ExecStart=${CMAKE_INSTALL_FULL_BINDIR}/gammu-smsd --pid=/var/run/gammu-smsd.pid --daemon