pool/numad
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 925369 from home:jsegitz:branches:systemdhardening:hardware

Browse Source 
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/925369
OBS-URL: https://build.opensuse.org/package/show/hardware/numad?expand=0&rev=7
This commit is contained in:
Mel Gorman 2021-10-20 10:13:13 +00:00 committed by Git OBS Bridge
parent ac317fe173
commit c7dd7fa11a
3 changed files with 32 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
harden_numad.service.patch Normal file
View File

@ -0,0 +1,20 @@
Index: numad-0.5.20130522/numad.service
===================================================================
--- numad-0.5.20130522.orig/numad.service
+++ numad-0.5.20130522/numad.service
@@ -2,6 +2,15 @@
Description=numad - The NUMA daemon that manages application locality.
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+RestrictRealtime=true
+# end of automatic additions
Type=simple
EnvironmentFile=/etc/numad.conf
ExecStart=/usr/sbin/numad -i $INTERVAL -F

6
numad.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Oct 15 07:27:14 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_numad.service.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 12 14:58:50 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org> Wed Jun 12 14:58:50 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>

10
numad.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package numad # spec file for package numad
# #
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -12,14 +12,14 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
Name: numad Name: numad
Url: http://git.fedorahosted.org/git/numad.git URL: http://git.fedorahosted.org/git/numad.git
Summary: Userspace daemon that automatically binds workloads to NUMA nodes Summary: Userspace daemon that automatically binds workloads to NUMA nodes
License: LGPL-2.1 License: LGPL-2.1-only
Group: System/Daemons Group: System/Daemons
Version: 0.5.20130522 Version: 0.5.20130522
Release: 0 Release: 0
@ -32,6 +32,7 @@ Patch4: numad-versioning.patch
Patch5: numad-rpm-opt-flags.patch Patch5: numad-rpm-opt-flags.patch
Patch6: numad-opensuse-systemd.patch Patch6: numad-opensuse-systemd.patch
Patch7: numad-systemd-simple-type.patch Patch7: numad-systemd-simple-type.patch
Patch8: harden_numad.service.patch
%if 0%{?suse_version} > 1140 %if 0%{?suse_version} > 1140
BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(systemd)
@ -62,6 +63,7 @@ to regress performance.
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch8 -p1
%build %build
make OPT_CFLAGS="$RPM_OPT_FLAGS" %{?_smp_mflags} make OPT_CFLAGS="$RPM_OPT_FLAGS" %{?_smp_mflags}