From b0088c91c600b62210e65360b95ce19ce5287ca78b530b4d5f0345e475d9ae43 Mon Sep 17 00:00:00 2001
From: Michael Vetter <jubalh@iodoru.org>
Date: Thu, 11 Nov 2021 11:44:43 +0000
Subject: [PATCH] Accepting request 930834 from
 home:jsegitz:branches:systemdhardening:Base:System

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/930834
OBS-URL: https://build.opensuse.org/package/show/Base:System/powertop?expand=0&rev=74
---
 powertop.changes |  6 ++++++
 powertop.service | 12 ++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/powertop.changes b/powertop.changes
index 8ab9f8a..5590d88 100644
--- a/powertop.changes
+++ b/powertop.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Nov 11 09:41:32 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * powertop.service
+
 -------------------------------------------------------------------
 Sun Jun  6 13:14:31 UTC 2021 - Dirk Müller <dmueller@suse.com>
 
diff --git a/powertop.service b/powertop.service
index 4ac8f1a..9df22db 100644
--- a/powertop.service
+++ b/powertop.service
@@ -2,6 +2,18 @@
 Description=Extend the battery life of laptop
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=oneshot
 ExecStart=/usr/sbin/powertop --auto-tune