Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mlocate for openSUSE:Factory checked in at 2021-10-15 23:03:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mlocate (Old) and /work/SRC/openSUSE:Factory/.mlocate.new.1890 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mlocate" Fri Oct 15 23:03:58 2021 rev:28 rq:925265 version:0.26 Changes: -------- --- /work/SRC/openSUSE:Factory/mlocate/mlocate.changes 2020-09-14 12:29:13.885133205 +0200 +++ /work/SRC/openSUSE:Factory/.mlocate.new.1890/mlocate.changes 2021-10-15 23:04:24.378116400 +0200 @@ -1,0 +2,6 @@ +Wed Oct 6 14:16:25 UTC 2021 - Johannes Segitz <[email protected]> + +- Added hardening to systemd service(s) (bsc#1181400). Modified: + * mlocate.service + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mlocate.service ++++++ --- /var/tmp/diff_new_pack.Ddkx2D/_old 2021-10-15 23:04:24.862116746 +0200 +++ /var/tmp/diff_new_pack.Ddkx2D/_new 2021-10-15 23:04:24.866116749 +0200 @@ -3,6 +3,19 @@ Documentation=man:updatedb [Service] +# added automatically, for details please see +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort +ProtectSystem=full +ProtectHome=read-only +PrivateDevices=true +ProtectHostname=true +ProtectClock=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectKernelLogs=true +ProtectControlGroups=true +RestrictRealtime=true +# end of automatic additions Type=oneshot ExecStart=/bin/sh -c \ "chown -R ${RUN_UPDATEDB_AS}:root /var/lib/mlocate && \
