- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886)
Temporary patch to disable the session keyring stuff as it's currently broken and may introduce some security holes. OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=981
This commit is contained in:
parent
22afb4ce21
commit
f3ac0df148
@ -0,0 +1,31 @@
|
||||
From 30cceac444bcc67896611154b051669225abaa93 Mon Sep 17 00:00:00 2001
|
||||
From: Franck Bui <fbui@suse.com>
|
||||
Date: Thu, 6 Jul 2017 15:48:10 +0200
|
||||
Subject: [PATCH] core: disable session keyring per system sevice entirely
|
||||
for now
|
||||
|
||||
It seems that this stuff needs more thoughts...
|
||||
|
||||
See also:
|
||||
https://github.com/systemd/systemd/pull/6286
|
||||
|
||||
[fbui: fixes bnc#1045886]
|
||||
---
|
||||
src/core/service.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/src/core/service.c b/src/core/service.c
|
||||
index 74054887b..874f2be93 100644
|
||||
--- a/src/core/service.c
|
||||
+++ b/src/core/service.c
|
||||
@@ -1341,7 +1341,6 @@ static int service_spawn(
|
||||
} else
|
||||
path = UNIT(s)->cgroup_path;
|
||||
|
||||
- exec_params.flags |= MANAGER_IS_SYSTEM(UNIT(s)->manager) ? EXEC_NEW_KEYRING : 0;
|
||||
exec_params.argv = c->argv;
|
||||
exec_params.environment = final_env;
|
||||
exec_params.fds = fds;
|
||||
--
|
||||
2.13.1
|
||||
|
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com
|
||||
|
||||
- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886)
|
||||
|
||||
Temporary patch to disable the session keyring stuff as it's
|
||||
currently broken and may introduce some security holes.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com
|
||||
|
||||
|
@ -155,6 +155,14 @@ Source14: kbd-model-map.legacy
|
||||
|
||||
Source1065: udev-remount-tmpfs
|
||||
|
||||
# Patches listed in here are really special cases. Normally all
|
||||
# changes must go to upstream first and then are cherry-picked in the
|
||||
# SUSE git repository. But in very few cases, some stuff might be
|
||||
# broken in upstream and need an urgent fix. Even in this case, the
|
||||
# patches are temporary and should be removed as soon as a fix is
|
||||
# merged by upstream.
|
||||
Patch1: 0001-core-disable-session-keyring-per-system-sevice-entir.patch
|
||||
|
||||
%description
|
||||
Systemd is a system and service manager, compatible with SysV and LSB
|
||||
init scripts for Linux. systemd provides aggressive parallelization
|
||||
@ -398,6 +406,7 @@ Some systemd commands offer bash completion, but it is an optional dependency.
|
||||
|
||||
%prep
|
||||
%setup -q -n systemd-%{version}
|
||||
%autopatch -p1
|
||||
|
||||
# only needed for bootstrap
|
||||
%if 0%{?bootstrap}
|
||||
|
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com
|
||||
|
||||
- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886)
|
||||
|
||||
Temporary patch to disable the session keyring stuff as it's
|
||||
currently broken and may introduce some security holes.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com
|
||||
|
||||
|
@ -153,6 +153,14 @@ Source14: kbd-model-map.legacy
|
||||
|
||||
Source1065: udev-remount-tmpfs
|
||||
|
||||
# Patches listed in here are really special cases. Normally all
|
||||
# changes must go to upstream first and then are cherry-picked in the
|
||||
# SUSE git repository. But in very few cases, some stuff might be
|
||||
# broken in upstream and need an urgent fix. Even in this case, the
|
||||
# patches are temporary and should be removed as soon as a fix is
|
||||
# merged by upstream.
|
||||
Patch1: 0001-core-disable-session-keyring-per-system-sevice-entir.patch
|
||||
|
||||
%description
|
||||
Systemd is a system and service manager, compatible with SysV and LSB
|
||||
init scripts for Linux. systemd provides aggressive parallelization
|
||||
@ -396,6 +404,7 @@ Some systemd commands offer bash completion, but it is an optional dependency.
|
||||
|
||||
%prep
|
||||
%setup -q -n systemd-%{version}
|
||||
%autopatch -p1
|
||||
|
||||
# only needed for bootstrap
|
||||
%if 0%{?bootstrap}
|
||||
|
Loading…
Reference in New Issue
Block a user