From 299b5fcac4bbf676c14babd3bbd43f553b0df92a0cd18047b7efd57e4473c8da Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Sun, 21 Nov 2021 11:03:38 +0000
Subject: [PATCH] Accepting request 925359 from
 home:jsegitz:branches:systemdhardening:Base:System

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/925359
OBS-URL: https://build.opensuse.org/package/show/Base:System/hostapd?expand=0&rev=64
---
 hostapd.changes |  6 ++++++
 hostapd.service | 11 +++++++++++
 2 files changed, 17 insertions(+)

diff --git a/hostapd.changes b/hostapd.changes
index 67ec96f..94eb762 100644
--- a/hostapd.changes
+++ b/hostapd.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Oct 15 07:29:27 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * hostapd.service
+
 -------------------------------------------------------------------
 Wed Jul 14 08:41:42 UTC 2021 - Michael Ströder <michael@stroeder.com>
 
diff --git a/hostapd.service b/hostapd.service
index 02a394e..e3047cb 100644
--- a/hostapd.service
+++ b/hostapd.service
@@ -3,6 +3,17 @@ Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticato
 After=network.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 ExecStart=/usr/sbin/hostapd /etc/hostapd.conf 
 ExecReload=/bin/kill -HUP $MAINPID