Source: rsyslog Version: 8.2310.0-1 Severity: serious X-Debbugs-Cc: Richard Lewis <richard.lewis.deb...@googlemail.com>
The latest update of rsyslog enabled various systemd hardening and security features, specifically: CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_CHOWN CAP_LEASE CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_RESOURCE CAP_SYSLOG SystemCallFilter=@system-service NoNewPrivileges=yes PrivateTmp=yes PrivateDevices=yes ProtectHome=yes ProtectSystem=full ProtectKernelTunables=yes ProtectKernelModules=yes ProtectClock=yes ProtectControlGroups=yes ProtectHostname=yes It turns out that `PrivateTmp=yes` breaks the logcheck autopkgtest. @Richard: as author of that test, could you please that a look at this issue. It currently prevents rsyslog from migrating to testing. https://qa.debian.org/excuses.php?package=rsyslog Regards, Michael
