From: Arvin Schnell <aschnell@suse.de>
Date: Fri, 13 Oct 2023 06:57:25 +0000 (+0200)
Subject: - fix diff for lvm based configs (bsc#1216191)
X-Git-Tag: v0.10.7~11^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F840%2Fhead;p=thirdparty%2Fsnapper.git

- fix diff for lvm based configs (bsc#1216191)
---

diff --git a/data/snapperd.service b/data/snapperd.service
index 6dbda8c0..e27cc9f6 100644
--- a/data/snapperd.service
+++ b/data/snapperd.service
@@ -14,3 +14,4 @@ PrivateNetwork=true
 ProtectHostname=true
 RestrictAddressFamilies=AF_UNIX
 RestrictRealtime=true
+PrivateMounts=no
diff --git a/data/systemd-sandboxing.txt b/data/systemd-sandboxing.txt
index d475060f..b27fcae8 100644
--- a/data/systemd-sandboxing.txt
+++ b/data/systemd-sandboxing.txt
@@ -14,8 +14,8 @@ ProtectKernelModules=true breaks LVM.
 
 CapabilityBoundingSet=CAP_SYS_NICE is also needed by LVM.
 
-ProtectHome=true, ProtectControlGroups=true, ProtectKernelLogs=true
-and ProtectKernelTunables=true breaks diff for LVM.
+ProtectHome=true, ProtectControlGroups=true, ProtectKernelLogs=true,
+ProtectKernelTunables=true and PrivateMounts=yes breaks diff for LVM.
 
 SystemCallFilter=@mount breaks almost everything with older systemd,
 e.g. on SLE15 SP1.
diff --git a/package/snapper.changes b/package/snapper.changes
index 22c7b188..98bf49a8 100644
--- a/package/snapper.changes
+++ b/package/snapper.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Oct 13 08:56:18 CEST 2023 - aschnell@suse.com
+
+- fix diff for lvm based configs (bsc#1216191)
+
 -------------------------------------------------------------------
 Thu Sep 14 15:45:53 CEST 2023 - aschnell@suse.com