From 4f0f531b7b6f5530eecba37895aa56235679ac3be402bd506acecdbceda08854 Mon Sep 17 00:00:00 2001
From: Thomas Renninger <trenn@suse.com>
Date: Mon, 9 Aug 2021 08:30:04 +0000
Subject: [PATCH] Accepting request 908801 from
 home:jsegitz:branches:systemdhardening:Base:System

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/908801
OBS-URL: https://build.opensuse.org/package/show/Base:System/acpid?expand=0&rev=100
---
 acpid.changes | 6 ++++++
 acpid.service | 8 ++++++++
 2 files changed, 14 insertions(+)

diff --git a/acpid.changes b/acpid.changes
index b79755f..5e7bf26 100644
--- a/acpid.changes
+++ b/acpid.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jul 27 14:19:54 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s). Modified:
+  * acpid.service
+
 -------------------------------------------------------------------
 Mon Jan  4 13:11:47 UTC 2021 - Dirk Müller <dmueller@suse.com>
 
diff --git a/acpid.service b/acpid.service
index 407bb9d..5695f24 100644
--- a/acpid.service
+++ b/acpid.service
@@ -2,6 +2,14 @@
 Description=ACPI Event Daemon
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
 
 ExecStart=/usr/sbin/acpid -n -f
 ExecReload=/bin/kill -s HUP $MAINPID