Accepting request 925652 from Base:System

OBS-URL: https://build.opensuse.org/request/show/925652
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ledmon?expand=0&rev=22

harden_ledmon.service.patch

@@ -0,0 +1,22 @@
+Index: ledmon-0.95/systemd/ledmon.service.in
+===================================================================
+--- ledmon-0.95.orig/systemd/ledmon.service.in
++++ ledmon-0.95/systemd/ledmon.service.in
+@@ -5,6 +5,17 @@ Description=Enclosure LED Utilities
+ WantedBy=multi-user.target
+ 
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++ProtectHostname=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions 
+ Type=simple
+ User=root
+ ExecStart=@sbindir@/ledmon --foreground

ledmon.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Oct 15 07:28:48 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+  * harden_ledmon.service.patch
+
 -------------------------------------------------------------------
 Thu Jul  1 14:27:36 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
 

ledmon.spec

@@ -24,6 +24,7 @@ License:        GPL-2.0-only
 Group:          Hardware/Other
 URL:            https://github.com/intel/ledmon/
 Source0:        https://github.com/intel/ledmon/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:	harden_ledmon.service.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  libsgutils-devel
@@ -42,7 +43,7 @@ ControlUtilities. They help to enable LED management for software RAID
 solutions.
 
 %prep
-%autosetup
+%autosetup -p1
 
 %build
 %define _lto_cflags %{nil}