Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sendmail for openSUSE:Factory checked in at 2021-11-20 22:47:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sendmail (Old) and /work/SRC/openSUSE:Factory/.sendmail.new.1895 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sendmail" Sat Nov 20 22:47:49 2021 rev:109 rq:932215 version:8.17.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/sendmail/sendmail.changes 2021-07-18 23:45:09.518949361 +0200 +++ /work/SRC/openSUSE:Factory/.sendmail.new.1895/sendmail.changes 2021-11-20 22:48:02.623859551 +0100 @@ -1,0 +2,7 @@ +Tue Nov 16 15:35:19 UTC 2021 - Johannes Segitz <jseg...@suse.com> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * sendmail-client.service + * sendmail.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sendmail-client.service ++++++ --- /var/tmp/diff_new_pack.bzkBTJ/_old 2021-11-20 22:48:04.435853547 +0100 +++ /var/tmp/diff_new_pack.bzkBTJ/_new 2021-11-20 22:48:04.435853547 +0100 @@ -19,6 +19,19 @@ ConditionDirectoryNotEmpty=|/var/spool/clientmqueue [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=read-only +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking Restart=on-success PIDFile=/var/spool/clientmqueue/sm-client.pid ++++++ sendmail.service ++++++ --- /var/tmp/diff_new_pack.bzkBTJ/_old 2021-11-20 22:48:04.503853322 +0100 +++ /var/tmp/diff_new_pack.bzkBTJ/_new 2021-11-20 22:48:04.507853308 +0100 @@ -25,6 +25,19 @@ Conflicts=postfix.service exim.service [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=read-only +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=forking Restart=on-success PIDFile=/var/run/sendmail.pid
