1df0aacc1c
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/921086 OBS-URL: https://build.opensuse.org/package/show/network:utilities/iputils?expand=0&rev=97
18 lines
628 B
Diff
18 lines
628 B
Diff
Index: iputils-20210722/systemd/rdisc.service.in
|
|
===================================================================
|
|
--- iputils-20210722.orig/systemd/rdisc.service.in
|
|
+++ iputils-20210722/systemd/rdisc.service.in
|
|
@@ -20,6 +20,12 @@ ProtectKernelModules=yes
|
|
MemoryDenyWriteExecute=yes
|
|
RestrictRealtime=yes
|
|
RestrictNamespaces=yes
|
|
+# added automatically, for details please see
|
|
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
|
|
+ProtectHostname=true
|
|
+ProtectClock=true
|
|
+ProtectKernelLogs=true
|
|
+# end of automatic additions
|
|
SystemCallArchitectures=native
|
|
LockPersonality=yes
|
|
NoNewPrivileges=yes
|