pool/logrotate
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
30d4458bdc
logrotate/logrotate.service
Dirk Mueller ed27dade68 Accepting request 957379 from home:schubi2 
- Added own logrotate.service file in order to define a new order
  of parsed config files:
  /usr/etc/logrotate.conf   Default configuration file defined by
                            the vendor.
  /usr/etc/logrotate.d/*    Directory for additional configuration
                            files defined by the vendor.
  /etc/logrotate.conf       Default configuration file defined by
                            the administrator. (optional)
  /etc/logrotate.d/*        Directory for additional configuration
                            files defined by the administrator.
                            (optional)
- New logrotate.service includes logrotate-3.19.0-systemd_add_home_env
  patch.
- Adapted man page: logrotate-3.19.0-man_logrotate.patch

OBS-URL: https://build.opensuse.org/request/show/957379
OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=94
2022-03-03 10:13:28 +00:00

40 lines
1.3 KiB
Desktop File
Raw Blame History

[Unit]
Description=Rotate log files
Documentation=man:logrotate(8) man:logrotate.conf(5)
RequiresMountsFor=/var/log
ConditionACPower=true
[Service]
Type=oneshot
ExecStartPre=/bin/sh -c "/usr/bin/systemctl set-environment etc_conf=" ; \
/bin/sh -c "if [ -f /etc/logrotate.conf ]; then /usr/bin/systemctl set-environment etc_conf=/etc/logrotate.conf; fi" ; \
/bin/sh -c "/usr/bin/systemctl set-environment etc_dir=" ; \
/bin/sh -c "if [ -d /etc/logrotate.d ]; then /usr/bin/systemctl set-environment etc_dir=/etc/logrotate.d; fi"
ExecStart=/bin/sh -c "/usr/sbin/logrotate /usr/etc/logrotate.conf ${etc_conf} ${etc_dir}"
# performance options
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7
Environment=HOME=/root
# hardening options
# details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
# no ProtectHome for userdir logs
# no PrivateNetwork for mail deliviery
# no NoNewPrivileges for third party rotate scripts
# no RestrictSUIDSGID for creating setgid directories
LockPersonality=true
MemoryDenyWriteExecute=true
PrivateDevices=true
PrivateTmp=true
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=full
RestrictNamespaces=true
RestrictRealtime=true
Reference in New Issue View Git Blame Copy Permalink