From 41deaf30e98806c9439d57a11a856748b6311d6fbeb67394a0c6ca27597ed84c Mon Sep 17 00:00:00 2001
From: Clemens Famulla-Conrad <cfamullaconrad@suse.com>
Date: Mon, 10 Jan 2022 10:18:03 +0000
Subject: [PATCH] Accepting request 945228 from
 home:jsegitz:branches:systemdhardening:hardware

- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * wpa_supplicant.service

OBS-URL: https://build.opensuse.org/request/show/945228
OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=129
---
 wpa_supplicant.changes |  6 ++++++
 wpa_supplicant.service | 11 +++++++++++
 2 files changed, 17 insertions(+)

diff --git a/wpa_supplicant.changes b/wpa_supplicant.changes
index 4b1a376..c69e074 100644
--- a/wpa_supplicant.changes
+++ b/wpa_supplicant.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jan 10 08:27:51 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * wpa_supplicant.service
+
 -------------------------------------------------------------------
 Tue Apr  6 14:51:18 UTC 2021 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>
 
diff --git a/wpa_supplicant.service b/wpa_supplicant.service
index 34d42d1..f7455b1 100644
--- a/wpa_supplicant.service
+++ b/wpa_supplicant.service
@@ -5,6 +5,17 @@ Before=network-pre.target
 Wants=network-pre.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=read-only
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=dbus
 BusName=fi.w1.wpa_supplicant1
 ExecStart=/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -t -f /var/log/wpa_supplicant.log