From 8a606b4bc18ac8d0b733e8eb78e4b4addf73b807 Mon Sep 17 00:00:00 2001 From: Arvin Schnell Date: Fri, 13 Oct 2023 08:57:25 +0200 Subject: [PATCH] - fix diff for lvm based configs (bsc#1216191) --- data/snapperd.service | 1 + data/systemd-sandboxing.txt | 4 ++-- package/snapper.changes | 5 +++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/data/snapperd.service b/data/snapperd.service index 6dbda8c0..e27cc9f6 100644 --- a/data/snapperd.service +++ b/data/snapperd.service @@ -14,3 +14,4 @@ PrivateNetwork=true ProtectHostname=true RestrictAddressFamilies=AF_UNIX RestrictRealtime=true +PrivateMounts=no diff --git a/data/systemd-sandboxing.txt b/data/systemd-sandboxing.txt index d475060f..b27fcae8 100644 --- a/data/systemd-sandboxing.txt +++ b/data/systemd-sandboxing.txt @@ -14,8 +14,8 @@ ProtectKernelModules=true breaks LVM. CapabilityBoundingSet=CAP_SYS_NICE is also needed by LVM. -ProtectHome=true, ProtectControlGroups=true, ProtectKernelLogs=true -and ProtectKernelTunables=true breaks diff for LVM. +ProtectHome=true, ProtectControlGroups=true, ProtectKernelLogs=true, +ProtectKernelTunables=true and PrivateMounts=yes breaks diff for LVM. SystemCallFilter=@mount breaks almost everything with older systemd, e.g. on SLE15 SP1. diff --git a/package/snapper.changes b/package/snapper.changes index 22c7b188..98bf49a8 100644 --- a/package/snapper.changes +++ b/package/snapper.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Oct 13 08:56:18 CEST 2023 - aschnell@suse.com + +- fix diff for lvm based configs (bsc#1216191) + ------------------------------------------------------------------- Thu Sep 14 15:45:53 CEST 2023 - aschnell@suse.com -- 2.47.3