From cb9ae4efcda4fd96cbf0991c423b4f1c3325022e04adfd0c3abdd5acd43ba476 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dmueller@suse.com>
Date: Sat, 16 Oct 2021 09:20:50 +0000
Subject: [PATCH] Accepting request 908800 from
 home:jsegitz:branches:systemdhardening:Base:System

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/908800
OBS-URL: https://build.opensuse.org/package/show/Base:System/acct?expand=0&rev=64
---
 acct.changes |  6 ++++++
 acct.service | 11 +++++++++++
 acct.spec    |  4 ++--
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/acct.changes b/acct.changes
index 5449857..16005f1 100644
--- a/acct.changes
+++ b/acct.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jul 27 11:54:39 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s). Modified:
+  * acct.service
+
 -------------------------------------------------------------------
 Sun Mar 17 10:55:00 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
 
diff --git a/acct.service b/acct.service
index 1948dd6..f560486 100644
--- a/acct.service
+++ b/acct.service
@@ -3,6 +3,17 @@ Description=Process accounting
 Documentation=man:accton(8)
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
 Type=oneshot
 RemainAfterExit=true
 ExecStartPre=/usr/bin/chmod 600 /var/log/account/pacct
diff --git a/acct.spec b/acct.spec
index 445e429..0b89a2f 100644
--- a/acct.spec
+++ b/acct.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package acct
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@ Release:        0
 Summary:        User-Specific Process Accounting
 License:        GPL-2.0-or-later
 Group:          System/Base
-Url:            https://www.gnu.org/software/acct/
+URL:            https://www.gnu.org/software/acct/
 Source:         https://ftp.gnu.org/gnu/acct/%{name}-%{version}.tar.gz
 Source1:        acct.service
 Source2:        logrotate.acct