Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package munin for openSUSE:Factory checked in at 2021-10-31 22:55:34
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/munin (Old)
and /work/SRC/openSUSE:Factory/.munin.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "munin"
Sun Oct 31 22:55:34 2021 rev:25 rq:928142 version:2.0.66
Changes:
--------
--- /work/SRC/openSUSE:Factory/munin/munin.changes 2021-03-10 08:49:51.890431282 +0100
+++ /work/SRC/openSUSE:Factory/.munin.new.1890/munin.changes 2021-10-31 22:56:15.247726464 +0100
@@ -1,0 +2,9 @@
+Thu Oct 7 10:26:31 UTC 2021 - Johannes Segitz
+
+- Added hardening to systemd service(s) (bsc#1181400). Modified:
+ * munin-cgi-graph.service
+ * munin-cgi-html.service
+ * munin-cron.service
+ * munin-node.service
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ munin-cgi-graph.service ++++++
--- /var/tmp/diff_new_pack.ujqbgC/_old 2021-10-31 22:56:15.755726854 +0100
+++ /var/tmp/diff_new_pack.ujqbgC/_new 2021-10-31 22:56:15.755726854 +0100
@@ -3,6 +3,19 @@
Requires=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
ExecStart=/usr/bin/spawn-fcgi -s /var/run/munin/munin-cgi-graph.sock -P /var/run/munin/munin-cgi-graph.pid -u munin -g munin -M 0770 -U munin -G www /srv/www/cgi-bin/munin-cgi-graph
PIDFile=/var/run/munin/munin-cgi-graph.pid
++++++ munin-cgi-html.service ++++++
--- /var/tmp/diff_new_pack.ujqbgC/_old 2021-10-31 22:56:15.771726866 +0100
+++ /var/tmp/diff_new_pack.ujqbgC/_new 2021-10-31 22:56:15.775726870 +0100
@@ -3,6 +3,19 @@
Requires=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
ExecStart=/usr/bin/spawn-fcgi -s /var/run/munin/munin-cgi-html.sock -P /var/run/munin/munin-cgi-html.pid -u munin -g munin -M 0770 -U munin -G www /srv/www/cgi-bin/munin-cgi-html
PIDFile=/var/run/munin/munin-cgi-html.pid
++++++ munin-cron.service ++++++
--- /var/tmp/diff_new_pack.ujqbgC/_old 2021-10-31 22:56:15.787726879 +0100
+++ /var/tmp/diff_new_pack.ujqbgC/_new 2021-10-31 22:56:15.791726882 +0100
@@ -3,6 +3,19 @@
Documentation=man:munin-cron(8)
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=oneshot
User=munin
ExecStart=/usr/bin/munin-cron
++++++ munin-node.service ++++++
--- /var/tmp/diff_new_pack.ujqbgC/_old 2021-10-31 22:56:15.831726913 +0100
+++ /var/tmp/diff_new_pack.ujqbgC/_new 2021-10-31 22:56:15.831726913 +0100
@@ -3,6 +3,19 @@
Requires=network.target
[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
Type=forking
ExecStart=/usr/sbin/munin-node
ExecStartPre=/usr/bin/mkdir -p /var/run/munin/