Bugzilla – Bug 1223071
earlyoom 1.8-1.1 systemd service hardening incorrect value for IPAddressDeny
Last modified: 2024-05-17 13:31:41 UTC
I've noticed earlyoom 1.8-1.1 received new hardening options in it's systemd service configuration but the IPAddressDeny seems to have an incorrect value. From the logs: > bal. 18 10:58:40 systemd[1]: /usr/lib/systemd/system/earlyoom.service:41: Invalid address prefix is specified in [Service] IPAddressDeny=, ignoring assignment: true Right now it's IPAddressDeny=true but it's not a boolean, it should be a list of IPv4 and/or IPv6 addresses (or one of the symbolic names) as according to https://www.freedesktop.org/software/systemd/man/latest/systemd.resource-control.html#IPAddressAllow=ADDRESS%5B/PREFIXLENGTH%5D%E2%80%A6 I believe it should be IPAddressDeny=any since I don't think earlyoom needs any network access.
I've found that the service configuration comes from upstream so I created a pull request there https://github.com/rfjakob/earlyoom/pull/312
Hi David, it seems you already submit fix for this bug report, so I assign it to you, please feel free to reassign whenever necessary, thanks.
Fixed in 1.8.2 - already in Tumbleweed.