- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886)

Temporary patch to disable the session keyring stuff as it's
  currently broken and may introduce some security holes.

OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=981
This commit is contained in:
Franck Bui 2017-07-06 14:18:03 +00:00 committed by Git OBS Bridge
parent 22afb4ce21
commit f3ac0df148
5 changed files with 65 additions and 0 deletions

View File

@ -0,0 +1,31 @@
From 30cceac444bcc67896611154b051669225abaa93 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 6 Jul 2017 15:48:10 +0200
Subject: [PATCH] core: disable session keyring per system sevice entirely
for now
It seems that this stuff needs more thoughts...
See also:
https://github.com/systemd/systemd/pull/6286
[fbui: fixes bnc#1045886]
---
src/core/service.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/core/service.c b/src/core/service.c
index 74054887b..874f2be93 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1341,7 +1341,6 @@ static int service_spawn(
} else
path = UNIT(s)->cgroup_path;
- exec_params.flags |= MANAGER_IS_SYSTEM(UNIT(s)->manager) ? EXEC_NEW_KEYRING : 0;
exec_params.argv = c->argv;
exec_params.environment = final_env;
exec_params.fds = fds;
--
2.13.1

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com
- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886)
Temporary patch to disable the session keyring stuff as it's
currently broken and may introduce some security holes.
-------------------------------------------------------------------
Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com

View File

@ -155,6 +155,14 @@ Source14: kbd-model-map.legacy
Source1065: udev-remount-tmpfs
# Patches listed in here are really special cases. Normally all
# changes must go to upstream first and then are cherry-picked in the
# SUSE git repository. But in very few cases, some stuff might be
# broken in upstream and need an urgent fix. Even in this case, the
# patches are temporary and should be removed as soon as a fix is
# merged by upstream.
Patch1: 0001-core-disable-session-keyring-per-system-sevice-entir.patch
%description
Systemd is a system and service manager, compatible with SysV and LSB
init scripts for Linux. systemd provides aggressive parallelization
@ -398,6 +406,7 @@ Some systemd commands offer bash completion, but it is an optional dependency.
%prep
%setup -q -n systemd-%{version}
%autopatch -p1
# only needed for bootstrap
%if 0%{?bootstrap}

View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com
- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886)
Temporary patch to disable the session keyring stuff as it's
currently broken and may introduce some security holes.
-------------------------------------------------------------------
Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com

View File

@ -153,6 +153,14 @@ Source14: kbd-model-map.legacy
Source1065: udev-remount-tmpfs
# Patches listed in here are really special cases. Normally all
# changes must go to upstream first and then are cherry-picked in the
# SUSE git repository. But in very few cases, some stuff might be
# broken in upstream and need an urgent fix. Even in this case, the
# patches are temporary and should be removed as soon as a fix is
# merged by upstream.
Patch1: 0001-core-disable-session-keyring-per-system-sevice-entir.patch
%description
Systemd is a system and service manager, compatible with SysV and LSB
init scripts for Linux. systemd provides aggressive parallelization
@ -396,6 +404,7 @@ Some systemd commands offer bash completion, but it is an optional dependency.
%prep
%setup -q -n systemd-%{version}
%autopatch -p1
# only needed for bootstrap
%if 0%{?bootstrap}