Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package logwatch for openSUSE:Factory checked in at 2023-07-28 22:20:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/logwatch (Old) and /work/SRC/openSUSE:Factory/.logwatch.new.32662 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "logwatch" Fri Jul 28 22:20:36 2023 rev:50 rq:1101161 version:7.8 Changes: -------- --- /work/SRC/openSUSE:Factory/logwatch/logwatch.changes 2023-07-06 18:29:32.747462772 +0200 +++ /work/SRC/openSUSE:Factory/.logwatch.new.32662/logwatch.changes 2023-07-28 22:20:40.085309509 +0200 @@ -1,0 +2,6 @@ +Wed Jul 12 06:51:49 UTC 2023 - Johannes Segitz <jseg...@suse.com> + +- Make home directories read only instead of hiding them completely + (bsc#1212692) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ harden_logwatch.service.patch ++++++ --- /var/tmp/diff_new_pack.zE1TpN/_old 2023-07-28 22:20:40.845314128 +0200 +++ /var/tmp/diff_new_pack.zE1TpN/_new 2023-07-28 22:20:40.849314152 +0200 @@ -1,7 +1,7 @@ -Index: logwatch-7.5.5/scheduler/logwatch.service +Index: logwatch-7.8/scheduler/logwatch.service =================================================================== ---- logwatch-7.5.5.orig/scheduler/logwatch.service -+++ logwatch-7.5.5/scheduler/logwatch.service +--- logwatch-7.8.orig/scheduler/logwatch.service ++++ logwatch-7.8/scheduler/logwatch.service @@ -4,6 +4,18 @@ Documentation=man:logwatch(8) man:logwat Before=logrotate.service @@ -9,7 +9,7 @@ +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full -+ProtectHome=true ++ProtectHome=read-only +PrivateDevices=true +ProtectHostname=true +ProtectClock=true @@ -17,7 +17,7 @@ +ProtectKernelModules=true +ProtectControlGroups=true +RestrictRealtime=true -+# end of automatic additions ++# end of automatic additions Type=oneshot # This first EnvironmentFile has the Logwatch default variables EnvironmentFile=-/usr/share/logwatch/default.conf/systemd.conf ++++++ harden_logwatch_dmeventd.service.patch ++++++ --- /var/tmp/diff_new_pack.zE1TpN/_old 2023-07-28 22:20:40.861314225 +0200 +++ /var/tmp/diff_new_pack.zE1TpN/_new 2023-07-28 22:20:40.865314250 +0200 @@ -1,7 +1,7 @@ -Index: logwatch-7.5.5/Logwatch_Setup_Files/logwatch_dmeventd.service +Index: logwatch-7.8/Logwatch_Setup_Files/logwatch_dmeventd.service =================================================================== ---- logwatch-7.5.5.orig/Logwatch_Setup_Files/logwatch_dmeventd.service -+++ logwatch-7.5.5/Logwatch_Setup_Files/logwatch_dmeventd.service +--- logwatch-7.8.orig/Logwatch_Setup_Files/logwatch_dmeventd.service ++++ logwatch-7.8/Logwatch_Setup_Files/logwatch_dmeventd.service @@ -22,6 +22,18 @@ Description=Log analyzer and reporter, s Documentation=man:logwatch(8) man:logwatch.conf(5) @@ -9,7 +9,7 @@ +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full -+ProtectHome=true ++ProtectHome=read-only +PrivateDevices=true +ProtectHostname=true +ProtectClock=true @@ -17,7 +17,7 @@ +ProtectKernelModules=true +ProtectControlGroups=true +RestrictRealtime=true -+# end of automatic additions ++# end of automatic additions User=root Type=oneshot ExecStart=/usr/sbin/logwatch --service dmeventd
