From 7e926feaa58a42a726d5674371aaea466d90331f0983d5681037a1b8e87988ce Mon Sep 17 00:00:00 2001
From: Martin Hauke <mardnh@gmx.de>
Date: Thu, 18 Nov 2021 19:37:13 +0000
Subject: [PATCH] Accepting request 932202 from
 home:jsegitz:branches:systemdhardening:network:utilities

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/932202
OBS-URL: https://build.opensuse.org/package/show/network:utilities/ser2net?expand=0&rev=32
---
 ser2net.changes |  6 ++++++
 ser2net.service | 11 +++++++++++
 2 files changed, 17 insertions(+)

diff --git a/ser2net.changes b/ser2net.changes
index d4d3e27..498f7f0 100644
--- a/ser2net.changes
+++ b/ser2net.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Nov 16 15:53:19 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * ser2net.service
+
 -------------------------------------------------------------------
 Sat Feb  6 21:28:46 UTC 2021 - Martin Hauke <mardnh@gmx.de>
 
diff --git a/ser2net.service b/ser2net.service
index 3021fb1..7dc8866 100644
--- a/ser2net.service
+++ b/ser2net.service
@@ -3,6 +3,17 @@ Description=Proxy that allows tcp connections to serial ports
 After=network.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 ExecStart=/usr/sbin/ser2net -n
 
 [Install]