while it should fix https://bugzilla.redhat.com/show_bug.cgi?id=1856273 as side-effect this update breaks everything left and right looks like now you apply User/Group too early and try to set security options *fater+ that which is completly broken ------------------------ [root@testserver:~]$ cat /usr/lib/systemd/system/monitor-dbmail-lmtpd.service [Unit] Description=monitor dbmail-lmtpd After=dbmail-lmtpd.service [Service] Type=simple ExecStart=/usr/bin/php -n -d display_errors=1 -d display_startup_errors=1 -d error_log=/Volumes/dune/www-servers/_logs/php_error.log /usr/bin/check-dbmail-service.php 24 dbmail-lmtpd Restart=always RestartSec=5 TimeoutSec=5 Nice=19 IOSchedulingClass=3 UMask=077 User=dbmail Group=dbmail AmbientCapabilities=CAP_KILL CapabilityBoundingSet=CAP_KILL LockPersonality=yes MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes PrivateTmp=yes ProtectClock=yes ProtectControlGroups=yes ProtectHome=yes ProtectHostname=yes ProtectKernelLogs=yes ProtectKernelModules=yes ProtectKernelTunables=yes RemoveIPC=yes RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes SystemCallArchitectures=native SystemCallFilter=@system-service @network-io @privileged SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @resources @swap ProtectSystem=strict ReadWritePaths=-/run ReadWritePaths=-/tmp ReadWritePaths=-/var/tmp ReadWritePaths=-/var/log ReadWritePaths=-/Volumes/dune/www-servers/_logs InaccessiblePaths=-/boot InaccessiblePaths=-/efi InaccessiblePaths=-/home InaccessiblePaths=-/var/lib/rpm InaccessiblePaths=-/var/lib/dnf InaccessiblePaths=-/var/spool [Install] WantedBy=multi-user.target [root@testserver:~]$ ------------------------ 21 13:06:27 testserver systemd[1735]: monitor-dbmail-lmtpd.service: Failed at step SECUREBITS spawning /usr/bin/php: Operation not permitted Sep 21 13:06:27 testserver systemd[1]: monitor-dbmail-imapd.service: Main process exited, code=exited, status=213/SECUREBITS Sep 21 13:06:27 testserver systemd[1736]: monitor-dbmail-pop3d.service: Failed at step SECUREBITS spawning /usr/bin/php: Operation not permitted Sep 21 13:06:27 testserver systemd[1]: monitor-dbmail-lmtpd.service: Main process exited, code=exited, status=213/SECUREBITS Sep 21 13:06:27 testserver systemd[1]: monitor-dbmail-pop3d.service: Main process exited, code=exited, status=213/SECUREBITS Sep 21 13:06:28 testserver systemd[1733]: httpd.service: Failed at step SECUREBITS spawning /usr/sbin/httpd: Operation not permitted Sep 21 13:06:28 testserver systemd[1]: httpd.service: Main process exited, code=exited, status=213/SECUREBITS Sep 21 13:06:30 testserver systemd[1745]: httpd.service: Failed at step SECUREBITS spawning /usr/sbin/httpd: Operation not permitted Sep 21 13:06:30 testserver systemd[1]: httpd.service: Main process exited, code=exited, status=213/SECUREBITS Sep 21 13:06:32 testserver systemd[1751]: monitor-dbmail-imapd.service: Failed at step SECUREBITS spawning /usr/bin/php: Operation not permitted Sep 21 13:06:32 testserver systemd[1752]: monitor-dbmail-lmtpd.service: Failed at step SECUREBITS spawning /usr/bin/php: Operation not permitted Sep 21 13:06:32 testserver systemd[1]: monitor-dbmail-imapd.service: Main process exited, code=exited, status=213/SECUREBITS Sep 21 13:06:32 testserver systemd[1]: monitor-dbmail-lmtpd.service: Main process exited, code=exited, status=213/SECUREBITS Sep 21 13:06:32 testserver systemd[1753]: monitor-dbmail-pop3d.service: Failed at step SECUREBITS spawning /usr/bin/php: Operation not permitted Sep 21 13:06:32 testserver systemd[1]: monitor-dbmail-pop3d.service: Main process exited, code=exited, status=213/SECUREBITS Sep 21 13:06:33 testserver systemd[1748]: httpd.service: Failed at step SECUREBITS spawning /usr/sbin/httpd: Operation not permitted Sep 21 13:06:33 testserver systemd[1]: httpd.service: Main process exited, code=exited, status=213/SECUREBITS
Yeah, sorry for that. It should be fixed by -2. *** This bug has been marked as a duplicate of bug 1880882 ***