gerbera/harden_gerbera.service.patch

Index: gerbera-1.12.0/scripts/systemd/gerbera.service.cmake
===================================================================
--- gerbera-1.12.0.orig/scripts/systemd/gerbera.service.cmake
+++ gerbera-1.12.0/scripts/systemd/gerbera.service.cmake
@@ -4,6 +4,20 @@ After=${SYSTEMD_AFTER_TARGET}
 Wants=${SYSTEMD_WANTS_TARGET}
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+ReadWritePaths=/usr/share/gerbera/ /etc/gerbera/ /var/log/gerbera
+# end of automatic additions 
 Type=simple
 User=gerbera
 Group=gerbera