systemd/0011-core-disable-session-keyring-per-system-sevice-entir.patch

46 lines
1.6 KiB
Diff
Raw Normal View History

Accepting request 915488 from Base:System - Configure split-usr=true only when %usrmerged is not defined - Import commit 40bda18e346ff45132ccd6f8f8e96de78dcf3470 (merge of v249.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/7f23815a706cf2b2df3eac2eb2f8220736b8f427...40bda18e346ff45132ccd6f8f8e96de78dcf3470 - Rework the test (sub)package: - it's been renamed into 'systemd-testsuite' - it includes the extended tests too - the relevant commits have been backported to SUSE/v249 so no SUSE specific patch is needed to run the extended tests (see below) - the deps needed by the extended tests have been added - Import commit 7f23815a706cf2b2df3eac2eb2f8220736b8f427 ad216581b6 test: if haveged is part of initrd it needs to be installed in the image too 088fbb71d0 test: adapt install_pam() for openSUSE 4d631c1f0c Revert "test: adapt TEST-13-NSPAWN-SMOKE for SUSE" ef956eb8a2 test: on openSUSE the static linked version of busybox is named "busybox-static" 6f7ce633b0 TEST-13-*: in busybox container sleep(1) takes a delay in seconds only 278baaa3ec test: don't try to find BUILD_DIR when NO_BUILD is set 3bba2f876a test: add support for NO_BUILD=1 on openSUSE d77cbc1b64 test: make busybox TEST-13-only dependency - Upgrade to v249.2 (commit c0bb2fcbc26f6aacde574656159504f263916719) See https://github.com/openSUSE/systemd/blob/SUSE/v249/NEWS for details. - Rebased 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch - Configure split-usr=true only when %usrmerged is not defined OBS-URL: https://build.opensuse.org/request/show/915488 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=335
2021-09-04 22:33:46 +02:00
From 67f3fa5aa2781d42c809da9303f81b28544824d8 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 6 Jul 2017 15:48:10 +0200
Accepting request 915488 from Base:System - Configure split-usr=true only when %usrmerged is not defined - Import commit 40bda18e346ff45132ccd6f8f8e96de78dcf3470 (merge of v249.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/7f23815a706cf2b2df3eac2eb2f8220736b8f427...40bda18e346ff45132ccd6f8f8e96de78dcf3470 - Rework the test (sub)package: - it's been renamed into 'systemd-testsuite' - it includes the extended tests too - the relevant commits have been backported to SUSE/v249 so no SUSE specific patch is needed to run the extended tests (see below) - the deps needed by the extended tests have been added - Import commit 7f23815a706cf2b2df3eac2eb2f8220736b8f427 ad216581b6 test: if haveged is part of initrd it needs to be installed in the image too 088fbb71d0 test: adapt install_pam() for openSUSE 4d631c1f0c Revert "test: adapt TEST-13-NSPAWN-SMOKE for SUSE" ef956eb8a2 test: on openSUSE the static linked version of busybox is named "busybox-static" 6f7ce633b0 TEST-13-*: in busybox container sleep(1) takes a delay in seconds only 278baaa3ec test: don't try to find BUILD_DIR when NO_BUILD is set 3bba2f876a test: add support for NO_BUILD=1 on openSUSE d77cbc1b64 test: make busybox TEST-13-only dependency - Upgrade to v249.2 (commit c0bb2fcbc26f6aacde574656159504f263916719) See https://github.com/openSUSE/systemd/blob/SUSE/v249/NEWS for details. - Rebased 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch - Configure split-usr=true only when %usrmerged is not defined OBS-URL: https://build.opensuse.org/request/show/915488 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=335
2021-09-04 22:33:46 +02:00
Subject: [PATCH 10/11] core: disable session keyring per system sevice
entirely for now
Until PAM module "pam_keyinit" is fully integrated in SUSE's PAM stack, this
feature has to be disabled.
openSUSE is still not ready for enabling the keyring stuff (see
bsc#1081947). Some services got fixed (sshd, getty@.service) but some still
haven't (xdm, login, ...)
So leave it disabled again otherwise different users might end up using the
same session keyring - the one created for the service used for logging in
(sshd, getty@.service, xdm, etc...)
The integration of pam_keyinit is tracked here:
https://bugzilla.opensuse.org/show_bug.cgi?id=1081947
See also:
https://github.com/systemd/systemd/pull/6286
[fbui: fixes boo#1045886]
---
src/core/execute.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/core/execute.c b/src/core/execute.c
Accepting request 915488 from Base:System - Configure split-usr=true only when %usrmerged is not defined - Import commit 40bda18e346ff45132ccd6f8f8e96de78dcf3470 (merge of v249.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/7f23815a706cf2b2df3eac2eb2f8220736b8f427...40bda18e346ff45132ccd6f8f8e96de78dcf3470 - Rework the test (sub)package: - it's been renamed into 'systemd-testsuite' - it includes the extended tests too - the relevant commits have been backported to SUSE/v249 so no SUSE specific patch is needed to run the extended tests (see below) - the deps needed by the extended tests have been added - Import commit 7f23815a706cf2b2df3eac2eb2f8220736b8f427 ad216581b6 test: if haveged is part of initrd it needs to be installed in the image too 088fbb71d0 test: adapt install_pam() for openSUSE 4d631c1f0c Revert "test: adapt TEST-13-NSPAWN-SMOKE for SUSE" ef956eb8a2 test: on openSUSE the static linked version of busybox is named "busybox-static" 6f7ce633b0 TEST-13-*: in busybox container sleep(1) takes a delay in seconds only 278baaa3ec test: don't try to find BUILD_DIR when NO_BUILD is set 3bba2f876a test: add support for NO_BUILD=1 on openSUSE d77cbc1b64 test: make busybox TEST-13-only dependency - Upgrade to v249.2 (commit c0bb2fcbc26f6aacde574656159504f263916719) See https://github.com/openSUSE/systemd/blob/SUSE/v249/NEWS for details. - Rebased 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch - Configure split-usr=true only when %usrmerged is not defined OBS-URL: https://build.opensuse.org/request/show/915488 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=335
2021-09-04 22:33:46 +02:00
index 2a337b55a2..b5a1a3b6e5 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
Accepting request 915488 from Base:System - Configure split-usr=true only when %usrmerged is not defined - Import commit 40bda18e346ff45132ccd6f8f8e96de78dcf3470 (merge of v249.4) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/7f23815a706cf2b2df3eac2eb2f8220736b8f427...40bda18e346ff45132ccd6f8f8e96de78dcf3470 - Rework the test (sub)package: - it's been renamed into 'systemd-testsuite' - it includes the extended tests too - the relevant commits have been backported to SUSE/v249 so no SUSE specific patch is needed to run the extended tests (see below) - the deps needed by the extended tests have been added - Import commit 7f23815a706cf2b2df3eac2eb2f8220736b8f427 ad216581b6 test: if haveged is part of initrd it needs to be installed in the image too 088fbb71d0 test: adapt install_pam() for openSUSE 4d631c1f0c Revert "test: adapt TEST-13-NSPAWN-SMOKE for SUSE" ef956eb8a2 test: on openSUSE the static linked version of busybox is named "busybox-static" 6f7ce633b0 TEST-13-*: in busybox container sleep(1) takes a delay in seconds only 278baaa3ec test: don't try to find BUILD_DIR when NO_BUILD is set 3bba2f876a test: add support for NO_BUILD=1 on openSUSE d77cbc1b64 test: make busybox TEST-13-only dependency - Upgrade to v249.2 (commit c0bb2fcbc26f6aacde574656159504f263916719) See https://github.com/openSUSE/systemd/blob/SUSE/v249/NEWS for details. - Rebased 0002-rc-local-fix-ordering-startup-for-etc-init.d-boot.lo.patch 0012-resolved-create-etc-resolv.conf-symlink-at-runtime.patch - Configure split-usr=true only when %usrmerged is not defined OBS-URL: https://build.opensuse.org/request/show/915488 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemd?expand=0&rev=335
2021-09-04 22:33:46 +02:00
@@ -3356,6 +3356,9 @@ static int setup_keyring(
assert(context);
assert(p);
+ /* SUSE: pam_keyinit is still not fully integrated to SUSE's PAM stack... */
+ return 0;
+
/* Let's set up a new per-service "session" kernel keyring for each system service. This has the benefit that
* each service runs with its own keyring shared among all processes of the service, but with no hook-up beyond
* that scope, and in particular no link to the per-UID keyring. If we don't do this the keyring will be
--
2.26.2