From 0c3176bfecea587f2a52affea4ca4b103907347a80d729fac6c6e609adc271e0 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Fri, 15 Oct 2021 16:58:47 +0000
Subject: [PATCH] Accepting request 925353 from home:jsegitz:branches:systemdhardening:utilities Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
OBS-URL: https://build.opensuse.org/request/show/925353
OBS-URL: https://build.opensuse.org/package/show/utilities/parkverbot?expand=0&rev=22
---
 harden_parkverbot.service.patch | 22 ++++++++++++++++++++++
 parkverbot.changes | 6 ++++++
 parkverbot.spec | 1 +
 3 files changed, 29 insertions(+)
 create mode 100644 harden_parkverbot.service.patch
diff --git a/harden_parkverbot.service.patch b/harden_parkverbot.service.patch
new file mode 100644
index 0000000..76c21ee
--- /dev/null
+++ b/harden_parkverbot.service.patch
@@ -0,0 +1,22 @@
+Index: parkverbot-1.3/src/parkverbot.service
+===================================================================
+--- parkverbot-1.3.orig/src/parkverbot.service
++++ parkverbot-1.3/src/parkverbot.service
+@@ -2,6 +2,17 @@
+ Description=Hard disk head parking inhibitor
+
+ [Service]
++# added automatically, for details please see
++# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
++ProtectSystem=full
++ProtectHome=true
++ProtectHostname=true
++ProtectKernelTunables=true
++ProtectKernelModules=true
++ProtectKernelLogs=true
++ProtectControlGroups=true
++RestrictRealtime=true
++# end of automatic additions
+ EnvironmentFile=/etc/sysconfig/parkverbot
+ ExecStart=/usr/sbin/parkverbot $PARKVERBOT_DISKS
+ Restart=on-abort
diff --git a/parkverbot.changes b/parkverbot.changes
index b9cfd54..1c5850f 100644
--- a/parkverbot.changes
+++ b/parkverbot.changes
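Review bot: In harden_parkverbot.service.patch, the added [Service] block does not record that `PrivateDevices=` is absent on purpose, so a later automated hardening pass could add it and cut the daemon off from the disks it is started with. `ExecStart` passes `$PARKVERBOT_DISKS` to the binary, which presumably opens those block devices; a comment such as `# PrivateDevices= deliberately not set: parkverbot reads the disks listed in PARKVERBOT_DISKS` would make that explicit. The commit message says the set was not tested, so it is worth confirming on a running unit that `ProtectKernelTunables=true` (read-only /proc/sys and /sys) does not interfere with the daemon. If it never needs to gain privileges, `NoNewPrivileges=true` would be a cheap addition to the same block.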
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Oct 14 10:40:22 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
+ * harden_parkverbot.service.patch
+
 -------------------------------------------------------------------
 Fri Sep 4 13:10:46 UTC 2020 - Jan Engelhardt
 
diff --git a/parkverbot.spec b/parkverbot.spec
index 8a907da..5e61d62 100644
--- a/parkverbot.spec
+++ b/parkverbot.spec
@@ -28,6 +28,7 @@ URL: https://inai.de/projects/parkverbot/
 Source: https://inai.de/files/parkverbot/%name-%version.tar.xz
 Source2: https://inai.de/files/parkverbot/%name-%version.tar.asc
 Source3: %name.keyring
+Patch0: harden_parkverbot.service.patch
 BuildRequires: pkg-config >= 0.23
 BuildRequires: systemd-rpm-macros
 BuildRequires: xz
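Review bot: In parkverbot.spec the hunk only declares `Patch0: harden_parkverbot.service.patch`, and the diffstat shows this is the single line added to the spec, so nothing new in %prep applies it. Unless %prep (outside the hunk) already uses `%autosetup -p1` or `%autopatch`, the hardening never reaches the installed unit; in that case add `%patch -P 0 -p1` after `%setup`. The inner patch paths start with `parkverbot-1.3/`, so strip level 1 is the one that matches.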