https://bugzilla.suse.com/show_bug.cgi?id=1223071 Bug ID: 1223071 Summary: earlyoom 1.8-1.1 systemd service hardening incorrect value for IPAddressDeny Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs@suse.de Reporter: db@mail25.net QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- I've noticed earlyoom 1.8-1.1 received new hardening options in it's systemd service configuration but the IPAddressDeny seems to have an incorrect value. From the logs:

bal. 18 10:58:40 systemd[1]: /usr/lib/systemd/system/earlyoom.service:41: Invalid address prefix is specified in [Service] IPAddressDeny=, ignoring assignment: true

Right now it's IPAddressDeny=true but it's not a boolean, it should be a list of IPv4 and/or IPv6 addresses (or one of the symbolic names) as according to https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-con... I believe it should be IPAddressDeny=any since I don't think earlyoom needs any network access. -- You are receiving this mail because: You are on the CC list for the bug.