From 8f3b5d507767f1380a166d7e6b6509263c41f9de03be82a43f239893e411babb Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dleuenberger@suse.com>
Date: Mon, 11 Oct 2021 13:30:25 +0000
Subject: [PATCH] Accepting request 923514 from devel:tools:scm

OBS-URL: https://build.opensuse.org/request/show/923514
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=267
---
 git-daemon.service | 12 ++++++++++++
 git.changes        |  6 ++++++
 2 files changed, 18 insertions(+)

diff --git a/git-daemon.service b/git-daemon.service
index 3cbec5d..e8f257b 100644
--- a/git-daemon.service
+++ b/git-daemon.service
@@ -2,6 +2,18 @@
 Description=Start Git Daemon
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 EnvironmentFile=-/etc/sysconfig/git-daemon
 ExecStart=/bin/bash -c 'exec git daemon --reuseaddr --base-path=$${GIT_DAEMON_BASE_PATH:-/srv/git/} --user=$${GIT_DAEMON_USER:-git-daemon} --group=$${GIT_DAEMON_GROUP:-nogroup} $GIT_DAEMON_ARGS'
 
diff --git a/git.changes b/git.changes
index fafd8f8..0c0cde5 100644
--- a/git.changes
+++ b/git.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Sep 20 08:33:11 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * git-daemon.service
+
 -------------------------------------------------------------------
 Sat Aug 21 07:19:13 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>