From 1df0aacc1ca852da1db699d07a3653e307d2d2b8786c7d12b94f64b30333f07f Mon Sep 17 00:00:00 2001
From: Petr Vorel
Date: Thu, 23 Sep 2021 07:10:34 +0000
Subject: [PATCH] Accepting request 921086 from home:jsegitz:branches:systemdhardening:network:utilities

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
OBS-URL: https://build.opensuse.org/request/show/921086
OBS-URL: https://build.opensuse.org/package/show/network:utilities/iputils?expand=0&rev=97
---
 harden_rdisc.service.patch | 17 +++++++++++++++++
 iputils.changes | 6 ++++++
 iputils.spec | 1 +
 3 files changed, 24 insertions(+)
 create mode 100644 harden_rdisc.service.patch

diff --git a/harden_rdisc.service.patch b/harden_rdisc.service.patch
new file mode 100644
index 0000000..a5e72c0
--- /dev/null
+++ b/harden_rdisc.service.patch
@@ -0,0 +1,17 @@
+Index: iputils-20210722/systemd/rdisc.service.in
+===================================================================
+--- iputils-20210722.orig/systemd/rdisc.service.in
++++ iputils-20210722/systemd/rdisc.service.in
+@@ -20,6 +20,12 @@ ProtectKernelModules=yes
+ MemoryDenyWriteExecute=yes
+ RestrictRealtime=yes
+ RestrictNamespaces=yes
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectHostname=true
++ProtectClock=true
++ProtectKernelLogs=true
++# end of automatic additions
+ SystemCallArchitectures=native
+ LockPersonality=yes
+ NoNewPrivileges=yes
diff --git a/iputils.changes b/iputils.changes
index ace272e..ac33500 100644
--- a/iputils.changes
+++ b/iputils.changes
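Review bot: The three directives added after `RestrictNamespaces=yes` in rdisc.service.in go in without any check that rdisc still starts and still maintains routes under them, and the commit message itself says the change has not been tested. `ProtectHostname=`, `ProtectClock=` and `ProtectKernelLogs=` are newer systemd settings than the ones already in this unit, so an older systemd would log them as unknown keys and ignore them, leaving the service less confined than the file suggests. Running `systemd-analyze security rdisc.service` and starting the service once on a test host would cover both concerns. For consistency with the neighbouring lines, which all use `yes`, I would spell them `ProtectHostname=yes`, `ProtectClock=yes` and `ProtectKernelLogs=yes`.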
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Sep 22 14:49:53 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+ * harden_rdisc.service.patch
+
 -------------------------------------------------------------------
 Thu Jul 22 16:18:11 UTC 2021 - Petr Vorel
 
diff --git a/iputils.spec b/iputils.spec
index 60330c7..fa63e29 100644
--- a/iputils.spec
+++ b/iputils.spec
@@ -24,6 +24,7 @@ License: BSD-3-Clause AND GPL-2.0-or-later
 Group: Productivity/Networking/Other
 URL: https://github.com/iputils/iputils
 Source0: https://github.com/iputils/iputils/archive/%{version}.tar.gz
+Patch0: harden_rdisc.service.patch
 BuildRequires: docbook5-xsl-stylesheets
 BuildRequires: docbook_5
 BuildRequires: iproute2
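Review bot: `Patch0:` is declared here, but it is the only line this commit changes in iputils.spec (the diffstat shows `1 +`), so the patch is applied only if `%prep` already uses `%autosetup` or `%autopatch`. The `%prep` section is outside the hunk, so this cannot be confirmed from here. If it uses plain `%setup`, the hardening never reaches the built unit, and `%patch0 -p1` would need to be added after `%setup`. Checking the `rdisc.service` installed by the built package for `ProtectHostname=` would confirm it either way.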