Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mtail for openSUSE:Factory checked in at 2024-03-04 21:25:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mtail (Old) and /work/SRC/openSUSE:Factory/.mtail.new.1770 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mtail" Mon Mar 4 21:25:58 2024 rev:7 rq:1154717 version:3.0.0rc51 Changes: -------- --- /work/SRC/openSUSE:Factory/mtail/mtail.changes 2024-03-01 23:37:42.478020997 +0100 +++ /work/SRC/openSUSE:Factory/.mtail.new.1770/mtail.changes 2024-03-04 21:26:02.408363954 +0100 @@ -1,0 +2,10 @@ +Mon Feb 26 05:13:02 UTC 2024 - Georg Pfuetzenreuter <[email protected]> + +- Clean up service unit file + +------------------------------------------------------------------- +Mon Feb 26 05:02:29 UTC 2024 - Georg Pfuetzenreuter <[email protected]> + +- Support service reload + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mtail.service ++++++ --- /var/tmp/diff_new_pack.fPN8uh/_old 2024-03-04 21:26:02.964384129 +0100 +++ /var/tmp/diff_new_pack.fPN8uh/_new 2024-03-04 21:26:02.968384275 +0100 @@ -6,39 +6,41 @@ After=local-fs.target network.target [Service] -Type=simple User=mtail Group=mtail + EnvironmentFile=-/etc/sysconfig/mtail ExecStart=/usr/sbin/mtail $ARGS +ExecReload=/usr/bin/kill -1 $MAINPID Restart=always + # various hardening options -CapabilityBoundingSet= AmbientCapabilities= +CapabilityBoundingSet= +KeyringMode=private +LockPersonality=yes LockPersonality=yes +MemoryDenyWriteExecute=yes +MountFlags=private +NoNewPrivileges=yes +PrivateDevices=yes PrivateTmp=yes PrivateUsers=yes -PrivateDevices=yes -ProtectSystem=full +ProtectClock=yes +ProtectControlGroups=yes ProtectHome=yes ProtectHostname=yes -ProtectClock=yes +ProtectKernelLogs=yes ProtectKernelModules=yes ProtectKernelTunables=yes -ProtectControlGroups=yes -ProtectKernelLogs=yes -NoNewPrivileges=yes -MountFlags=private -MemoryDenyWriteExecute=yes +ProtectSystem=full RemoveIPC=yes -LockPersonality=yes -RestrictRealtime=yes +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX RestrictNamespaces=yes +RestrictRealtime=yes RestrictSUIDSGID=yes -KeyringMode=private SystemCallArchitectures=native -SystemCallFilter=@basic-io @file-system @io-event @ipc @network-io @signal clone madvise setrlimit tgkill uname -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +SystemCallFilter=@basic-io @file-system @io-event @ipc @network-io @signal clone kill madvise setrlimit tgkill uname [Install] WantedBy=multi-user.target
