From 8f88e168278fc46deeebb966e7354233939e539ca0478ab89e5edb803b3ab8ca Mon Sep 17 00:00:00 2001
From: Martin Hauke <mardnh@gmx.de>
Date: Wed, 12 Jan 2022 14:10:46 +0000
Subject: [PATCH] Accepting request 945223 from
 home:jsegitz:branches:systemdhardening:network

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/945223
OBS-URL: https://build.opensuse.org/package/show/network/wrapsix?expand=0&rev=4
---
 wrapsix.changes |  6 ++++++
 wrapsix.service | 11 +++++++++++
 2 files changed, 17 insertions(+)

diff --git a/wrapsix.changes b/wrapsix.changes
index 7271432..0dbb79b 100644
--- a/wrapsix.changes
+++ b/wrapsix.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jan  5 11:48:46 UTC 2022 - Johannes Segitz <jsegitz@suse.com>
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+  * wrapsix.service
+
 -------------------------------------------------------------------
 Thu Dec  6 21:06:36 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
 
diff --git a/wrapsix.service b/wrapsix.service
index d2851d7..872b25e 100644
--- a/wrapsix.service
+++ b/wrapsix.service
@@ -4,6 +4,17 @@ After=syslog.target
 WantedBy=network.target
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=simple
 ExecStart=/usr/sbin/wrapsix /etc/wrapsix.conf