From be00fec85cb5ff35a7b73cfca82c921818e134ccef27cd2893d5fd7564e40092 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Wed, 3 Nov 2021 14:30:47 +0000 Subject: [PATCH] Accepting request 923720 from home:jsegitz:branches:systemdhardening:games:tools Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort OBS-URL: https://build.opensuse.org/request/show/923720 OBS-URL: https://build.opensuse.org/package/show/games:tools/mumble?expand=0&rev=137 --- mumble-server.service | 13 +++++++++++++ mumble.changes | 6 ++++++ 2 files changed, 19 insertions(+) diff --git a/mumble-server.service b/mumble-server.service index 52f5726..8b7d8c6 100644 --- a/mumble-server.service +++ b/mumble-server.service @@ -14,6 +14,19 @@ Requires=var-run.mount network.target remote-fs.target time-sync.target After=var-run.mount network.target remote-fs.target time-sync.target mysql.target [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=true +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions User=mumble-server Group=mumble-server ExecStart=/usr/sbin/murmurd -fg -ini /etc/mumble-server.ini diff --git a/mumble.changes b/mumble.changes index de30621..82cd5b0 100644 --- a/mumble.changes +++ b/mumble.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Oct 7 10:25:52 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * mumble-server.service + ------------------------------------------------------------------- Fri Feb 12 08:53:58 UTC 2021 - Andreas Stieger