From c7169ad37eaa8fd49910e3092e5958cd9a7f8d3d5f741533a1f9c985f25fbf4d Mon Sep 17 00:00:00 2001
From: Jiri Slaby
Date: Tue, 10 Aug 2021 12:54:06 +0000
Subject: [PATCH] Accepting request 911242 from home:jsegitz:branches:systemdhardening:network:utilities

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/911242
OBS-URL: https://build.opensuse.org/package/show/network:utilities/2ping?expand=0&rev=31
---
 2ping.changes | 6 ++++++
 2ping.spec | 1 +
 harden_2ping.service.patch | 16 ++++++++++++++++
 3 files changed, 23 insertions(+)
 create mode 100644 harden_2ping.service.patch

diff --git a/2ping.changes b/2ping.changes
index 1adc6c3..9b88d75 100644
--- a/2ping.changes
+++ b/2ping.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Aug 10 09:28:47 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s). Added patch(es):
+ * harden_2ping.service.patch
+
 -------------------------------------------------------------------
 Mon Jun 14 09:56:20 UTC 2021 - Jiri Slaby
 
diff --git a/2ping.spec b/2ping.spec
index ae69743..2f67f8a 100644
--- a/2ping.spec
+++ b/2ping.spec
@@ -25,6 +25,7 @@ URL: https://www.finnie.org/software/2ping/
 Source0: https://www.finnie.org/software/2ping/%{name}-%{version}.tar.gz
 Source1: https://www.finnie.org/software/2ping/%{name}-%{version}.tar.gz.asc
 Source2: %{name}.keyring
+Patch0: harden_2ping.service.patch
 BuildRequires: fdupes
 BuildRequires: python3-devel >= 3.6
 BuildRequires: python3-distro
diff --git a/harden_2ping.service.patch b/harden_2ping.service.patch
new file mode 100644
index 0000000..3a8b75e
--- /dev/null
+++ b/harden_2ping.service.patch
@@ -0,0 +1,16 @@
+Index: 2ping-4.5.1/2ping.service
+===================================================================
+--- 2ping-4.5.1.orig/2ping.service
++++ 2ping-4.5.1/2ping.service
+@@ -30,6 +30,11 @@ RestrictAddressFamilies=AF_NETLINK AF_IN
+ RestrictNamespaces=yes
+ RestrictRealtime=yes
+ RestrictSUIDSGID=yes
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectHostname=true
++ProtectClock=true
++# end of automatic additions
+ User=nobody
+
+ [Install]
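Review bot: The added `ProtectHostname=true` and `ProtectClock=true` are not shown to reach the installed unit. The `2ping.spec` hunk adds only the `Patch0:` tag and `%prep` is not visible, so unless it uses `%autosetup -p1` or an explicit `%patch0 -p1` the patch is declared but never applied. The commit message also says the change has not been tested, so I would start the service once on a build with the patch applied and record the output of `systemd-analyze security 2ping.service`. `ProtectClock=` needs systemd 245 or newer and `ProtectHostname=` needs 242, and older releases ignore them with a warning, so a comment such as `# ProtectClock= requires systemd >= 245; ignored on older releases` beside the additions would stop the unit looking more confined than it is. The `[Service]` section starts above the inner hunk's context, so the rest of the unit's sandboxing cannot be judged from here.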