File harden_chronyd.service.patch of Package chrony.23349
--- examples/chronyd.service.orig
+++ examples/chronyd.service
@@ -18,6 +18,15 @@ ExecStartPost=@CHRONY_HELPER@ update-dae
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectHostname=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+DeviceAllow=char-rtc
+DeviceAllow=char-ptp
+# end of automatic additions
[Install]
WantedBy=multi-user.target