Bug 1212692 - logwatch doesn't see /home
Summary: logwatch doesn't see /home
Status: IN_PROGRESS
Alias: None
Product: openSUSE Distribution
Classification: openSUSE
Component: Security (show other bugs)
Version: Leap 15.5
Hardware: SGI OpenVMS
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Philipp Thomas
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-06-25 22:30 UTC by Martin Schröder
Modified: 2023-07-20 13:05 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Schröder 2023-06-25 22:30:21 UTC 
This might be related to bug 1194031:

Since upgrading from 15.4 to 15.5, logwatch (and munin, see Bug 1212676) doesn't show stats for /home in the Disk Space section.

15.4:

 Filesystem                      Size  Used Avail Use% Mounted on
 devtmpfs                        4.0M  8.0K  4.0M   1% /dev
 /dev/mapper/system-root          63G   33G   30G  53% /
 /dev/sde1                       240M  136M   88M  61% /boot
 /dev/mapper/system-space         63G  8.1G   54G  13% /space
 /dev/mapper/raid-backup         706G  672G   35G  96% /raid/backup
 /dev/mapper/raid-raid           9.9T  9.7T  235G  98% /raid/raid
 /dev/mapper/raid-nelson--home   8.0G  7.9G  166M  98% /raid/nelson/home
 /dev/mapper/raid-nelson--space   90G   90G   43M 100% /raid/nelson/space
 /dev/mapper/raid-nelson--root    12G   12G  569M  96% /raid/nelson/root
 /dev/mapper/system-home          63G   17G   46G  28% /home

15.5:

 Filesystem                      Size  Used Avail Use% Mounted on
 /dev/mapper/system-root          63G   33G   30G  53% /
 /dev/sde1                       240M  157M   67M  71% /boot
 /dev/mapper/system-space         63G  4.3G   58G   7% /space
 /dev/mapper/raid-backup         706G  673G   33G  96% /raid/backup
 /dev/mapper/raid-raid           9.9T  9.7T  229G  98% /raid/raid
 /dev/mapper/raid-nelson--root    12G   12G  569M  96% /raid/nelson/root
 /dev/mapper/raid-nelson--space   90G   90G   43M 100% /raid/nelson/space
 /dev/mapper/raid-nelson--home   8.0G  7.9G  166M  98% /raid/nelson/home
Comment 1 Martin Schröder 2023-07-07 14:11:43 UTC 
Cause: logwatch runs with ProtectHome=true.

Solution:
sudo systemctl edit logwatch.service

and add

[Service]
ProtectHome=read-only

See also bug 1212676
Comment 2 Matthias Gerstner 2023-07-10 09:11:25 UTC 
Johannes provided the systemd hardenings for the package that cause this
effect. Adding the package maintainers and Johannes to the bug.

Why the read-only setting for /home causes the failure to present disk space
statistics is not clear to me right away though. Maybe something that can be
improved in logwatch to make it compatible with this setting.
Comment 3 Martin Schröder 2023-07-10 18:11:27 UTC 
(In reply to Matthias Gerstner from comment #2)
> Why the read-only setting for /home causes the failure to present disk space
> statistics is not clear to me right away though. Maybe something that can be
> improved in logwatch to make it compatible with this setting.

It works with "read-only". But it ships with "true" which causes this bug.
Comment 4 Johannes Segitz 2023-07-11 06:25:54 UTC 
I intentionally didn't set it ot read only as this is still exposing a lot of sensitive information. But it seems there's not better way to do this and still keep some of the benefit. I'll submit for this
Comment 5 OBSbugzilla Bot 2023-07-12 08:35:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1212692) was mentioned in
https://build.opensuse.org/request/show/1098319 Backports:SLE-15-SP5 / logwatch
Comment 6 Johannes Segitz 2023-07-12 08:39:02 UTC 
I submitted for 15.5 and Factory
Comment 7 Marcus Meissner 2023-07-20 13:05:22 UTC 
openSUSE-RU-2023:0185-1: An update that has one recommended fix can now be installed.\n\nCategory: recommended (moderate)\nBug References: 1212692\nCVE References: \nJIRA References: \nSources used:\nopenSUSE Backports SLE-15-SP5 (src):    logwatch-7.7-bp155.2.3.1\n\n