From 2731001218efa0007bd619d17903f4c74e011bbf9a86608ae253d71daceb89d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Str=C3=B6der?= <michael@stroeder.com>
Date: Fri, 22 Oct 2021 09:07:48 +0000
Subject: [PATCH] Accepting request 926889 from
 home:jsegitz:branches:server:mail

- Ensure service can write to /etc/postfix

OBS-URL: https://build.opensuse.org/request/show/926889
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=428
---
 harden_postfix.service.patch | 3 ++-
 postfix-bdb.changes          | 5 +++++
 postfix.changes              | 5 +++++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/harden_postfix.service.patch b/harden_postfix.service.patch
index 4e3a4c0..434f5b0 100644
--- a/harden_postfix.service.patch
+++ b/harden_postfix.service.patch
@@ -2,13 +2,14 @@ Index: postfix-3.6.2/postfix-SUSE/postfix.service
 ===================================================================
 --- postfix-3.6.2.orig/postfix-SUSE/postfix.service
 +++ postfix-3.6.2/postfix-SUSE/postfix.service
-@@ -19,6 +19,19 @@ After=amavis.service mysql.service cyrus
+@@ -19,6 +19,20 @@ After=amavis.service mysql.service cyrus
  Conflicts=sendmail.service exim.service
  
  [Service]
 +# added automatically, for details please see
 +# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
 +ProtectSystem=full
++ReadWritePaths=/etc/postfix
 +ProtectHome=true
 +PrivateDevices=true
 +ProtectHostname=true
diff --git a/postfix-bdb.changes b/postfix-bdb.changes
index 3bdbcbc..16c1e3b 100644
--- a/postfix-bdb.changes
+++ b/postfix-bdb.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Oct 22 08:46:19 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Ensure service can write to /etc/postfix
+
 -------------------------------------------------------------------
 Thu Oct 21 15:39:55 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
 
diff --git a/postfix.changes b/postfix.changes
index 3bf43ff..9ff4540 100644
--- a/postfix.changes
+++ b/postfix.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Oct 22 08:46:19 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
+
+- Ensure service can write to /etc/postfix
+
 -------------------------------------------------------------------
 Thu Oct 21 15:39:55 UTC 2021 - Johannes Segitz <jsegitz@suse.com>