Accepting request 921099 from network:utilities

OBS-URL: https://build.opensuse.org/request/show/921099 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/iputils?expand=0&rev=60
2021-09-26 19:48:35 +00:00
parent b0b9235022 1df0aacc1c
commit 4bfbceb2cb
3 changed files with 24 additions and 0 deletions
--- a/harden_rdisc.service.patch
+++ b/harden_rdisc.service.patch
@@ -0,0 +1,17 @@
+Index: iputils-20210722/systemd/rdisc.service.in
+===================================================================
+--- iputils-20210722.orig/systemd/rdisc.service.in
+++ iputils-20210722/systemd/rdisc.service.in
+@@ -20,6 +20,12 @@ ProtectKernelModules=yes
+ MemoryDenyWriteExecute=yes
+ RestrictRealtime=yes
+ RestrictNamespaces=yes
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelLogs=true
+# end of automatic additions 
+ SystemCallArchitectures=native
+ LockPersonality=yes
+ NoNewPrivileges=yes
--- a/iputils.changes
+++ b/iputils.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Sep 22 14:49:53 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_rdisc.service.patch
+
 -------------------------------------------------------------------
 Thu Jul 22 16:18:11 UTC 2021 - Petr Vorel <pvorel@suse.cz>

--- a/iputils.spec
+++ b/iputils.spec
@@ -24,6 +24,7 @@ License:        BSD-3-Clause AND GPL-2.0-or-later
 Group:          Productivity/Networking/Other
 URL:            https://github.com/iputils/iputils
 Source0:        https://github.com/iputils/iputils/archive/%{version}.tar.gz
+Patch0:	harden_rdisc.service.patch
 BuildRequires:  docbook5-xsl-stylesheets
 BuildRequires:  docbook_5
 BuildRequires:  iproute2