3188edb86f
- Update to 3.21.0:
* add ignoreduplicates directive to allow duplicate file matches
* add --wait-for-state-lock option to wait for lock on the state file
* avoid failure when an anonymous non-privileged user runs logrotate
* support home dir expansion in olddir
* reduce unnecessary rename operations with start N where N > 1
* unify handling of log levels
* do not print error: when exit code is unaffected
- Replace the vendor config logic:
* Remove logrotate-vendor-dir.patch and the code from logrotate.service
(also addresses boo#1202406)
* Add a wrapper script which collects all config files in the right
order
- Create logrotate.keyring with kdudka's public key
- Drop logrotate-rpmlintrc: rpmlint doesn't look at /usr/etc/logrotate.d/,
so the false positive doesn't trigger.
OBS-URL: https://build.opensuse.org/request/show/1060601
OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=106
36 lines
877 B
Desktop File
36 lines
877 B
Desktop File
[Unit]
|
|
Description=Rotate log files
|
|
Documentation=man:logrotate(8) man:logrotate.conf(5)
|
|
RequiresMountsFor=/var/log
|
|
ConditionACPower=true
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/usr/sbin/logrotate-all
|
|
|
|
# performance options
|
|
Nice=19
|
|
IOSchedulingClass=best-effort
|
|
IOSchedulingPriority=7
|
|
Environment=HOME=/root
|
|
|
|
# hardening options
|
|
# details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
|
# no ProtectHome for userdir logs
|
|
# no PrivateNetwork for mail deliviery
|
|
# no NoNewPrivileges for third party rotate scripts
|
|
# no RestrictSUIDSGID for creating setgid directories
|
|
LockPersonality=true
|
|
MemoryDenyWriteExecute=true
|
|
PrivateDevices=true
|
|
PrivateTmp=true
|
|
ProtectClock=true
|
|
ProtectControlGroups=true
|
|
ProtectHostname=true
|
|
ProtectKernelLogs=true
|
|
ProtectKernelModules=true
|
|
ProtectKernelTunables=true
|
|
ProtectSystem=full
|
|
RestrictNamespaces=true
|
|
RestrictRealtime=true
|