Overview

File harden_gerbera.service.patch of Package gerbera

diff -purN gerbera-3.0.0.orig/scripts/systemd/gerbera.service.cmake gerbera-3.0.0/scripts/systemd/gerbera.service.cmake
--- gerbera-3.0.0.orig/scripts/systemd/gerbera.service.cmake	2025-11-07 11:18:57.000000000 +0100
+++ gerbera-3.0.0/scripts/systemd/gerbera.service.cmake	2025-11-08 22:21:21.672927906 +0100
@@ -4,6 +4,20 @@ After=${SYSTEMD_AFTER_TARGET}
 Wants=${SYSTEMD_WANTS_TARGET}
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=true
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+ReadWritePaths=/usr/share/gerbera/ /etc/gerbera/ /var/log/gerbera
+# end of automatic additions 
 Type=simple
 NotifyAccess=all
 User=gerbera
openSUSE Build Service is sponsored by
Places