pool/ledmon
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 925360 from home:jsegitz:branches:systemdhardening:Base:System

Browse Source 
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/925360
OBS-URL: https://build.opensuse.org/package/show/Base:System/ledmon?expand=0&rev=42
This commit is contained in:
Dirk Mueller 2021-10-16 09:50:31 +00:00 committed by Git OBS Bridge
parent b27e075ae6
commit 1abd0f321a
3 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
harden_ledmon.service.patch Normal file
View File

@ -0,0 +1,22 @@
Index: ledmon-0.95/systemd/ledmon.service.in
===================================================================
--- ledmon-0.95.orig/systemd/ledmon.service.in
+++ ledmon-0.95/systemd/ledmon.service.in
@@ -5,6 +5,17 @@ Description=Enclosure LED Utilities
WantedBy=multi-user.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=simple
User=root
ExecStart=@sbindir@/ledmon --foreground

6
ledmon.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Oct 15 07:28:48 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_ledmon.service.patch
-------------------------------------------------------------------
Thu Jul 1 14:27:36 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>

3
ledmon.spec
View File

@ -24,6 +24,7 @@ License: GPL-2.0-only
Group: Hardware/Other
URL: https://github.com/intel/ledmon/
Source0: https://github.com/intel/ledmon/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch0: harden_ledmon.service.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libsgutils-devel
@ -42,7 +43,7 @@ ControlUtilities. They help to enable LED management for software RAID
solutions.
%prep
%autosetup
%autosetup -p1
%build
%define _lto_cflags %{nil}