Overview
Request 945357 accepted
- ship README.suse that explains how to use the template systemd units
- add user writable bit for systemd service and socket files
- properly handle state directory creation in /run/watchman/$USER-state. The
former approach was susceptible to a local privilege escalation using
symlinks (CVE-2022-21944, bsc#1194470).
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* watchman@.service
Request History
mgerstner created request
- ship README.suse that explains how to use the template systemd units
- add user writable bit for systemd service and socket files
- properly handle state directory creation in /run/watchman/$USER-state. The
former approach was susceptible to a local privilege escalation using
symlinks (CVE-2022-21944, bsc#1194470).
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* watchman@.service
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
dimstar_suse added as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:adi:47"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:adi:47"
licensedigger accepted review
ok
dimstar accepted review
dimstar_suse accepted review
Staging Project openSUSE:Factory:Staging:adi:47 got accepted.
dimstar_suse approved review
Staging Project openSUSE:Factory:Staging:adi:47 got accepted.
dimstar_suse accepted request
Staging Project openSUSE:Factory:Staging:adi:47 got accepted.