From 0ff1dbd54e52f33655690f3294704829029e832ecb8f59ebf643c20ac2b96768 Mon Sep 17 00:00:00 2001
From: Axel Braun <axel.braun@gmx.de>
Date: Sat, 16 Oct 2021 19:40:14 +0000
Subject: [PATCH] Accepting request 925116 from
 home:jsegitz:branches:systemdhardening:graphics

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/925116
OBS-URL: https://build.opensuse.org/package/show/graphics/orthanc?expand=0&rev=42
---
 orthanc.changes | 6 ++++++
 orthanc.service | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/orthanc.changes b/orthanc.changes
index d9e4251..c231496 100644
--- a/orthanc.changes
+++ b/orthanc.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Oct 13 13:27:12 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * orthanc.service
+
 -------------------------------------------------------------------
 Sun Sep 26 20:02:08 UTC 2021 - Axel Braun <axel.braun@gmx.de>
 
diff --git a/orthanc.service b/orthanc.service
index d5b9702..7120db9 100644
--- a/orthanc.service
+++ b/orthanc.service
@@ -14,6 +14,12 @@ ProtectControlGroups=true
 MountFlags=private
 NoNewPrivileges=true
 PrivateDevices=true
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectKernelLogs=true
+RestrictRealtime=true
+# end of automatic additions 
 MemoryDenyWriteExecute=true
 
 Type=simple