forked from pool/systemd
Accepting request 508587 from home:fbui:systemd:Factory
- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886) Temporary patch to disable the session keyring stuff as it's currently broken and may introduce some security holes. OBS-URL: https://build.opensuse.org/request/show/508587 OBS-URL: https://build.opensuse.org/package/show/Base:System/systemd?expand=0&rev=981
This commit is contained in:
Franck Bui
Git OBS Bridge
parent
86c3dfdc89
commit
92fd7e938a
@ -0,0 +1,31 @@
|
|||||||
|
From 30cceac444bcc67896611154b051669225abaa93 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Franck Bui <fbui@suse.com>
|
||||||
|
Date: Thu, 6 Jul 2017 15:48:10 +0200
|
||||||
|
Subject: [PATCH] core: disable session keyring per system sevice entirely
|
||||||
|
for now
|
||||||
|
|
||||||
|
It seems that this stuff needs more thoughts...
|
||||||
|
|
||||||
|
See also:
|
||||||
|
https://github.com/systemd/systemd/pull/6286
|
||||||
|
|
||||||
|
[fbui: fixes bnc#1045886]
|
||||||
|
---
|
||||||
|
src/core/service.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/core/service.c b/src/core/service.c
|
||||||
|
index 74054887b..874f2be93 100644
|
||||||
|
--- a/src/core/service.c
|
||||||
|
+++ b/src/core/service.c
|
||||||
|
@@ -1341,7 +1341,6 @@ static int service_spawn(
|
||||||
|
} else
|
||||||
|
path = UNIT(s)->cgroup_path;
|
||||||
|
|
||||||
|
- exec_params.flags |= MANAGER_IS_SYSTEM(UNIT(s)->manager) ? EXEC_NEW_KEYRING : 0;
|
||||||
|
exec_params.argv = c->argv;
|
||||||
|
exec_params.environment = final_env;
|
||||||
|
exec_params.fds = fds;
|
||||||
|
--
|
||||||
|
2.13.1
|
||||||
|
|
||||||
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886)
|
||||||
|
|
||||||
|
Temporary patch to disable the session keyring stuff as it's
|
||||||
|
currently broken and may introduce some security holes.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com
|
Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
|||||||
@ -155,6 +155,14 @@ Source14: kbd-model-map.legacy
|
|||||||
|
|
||||||
Source1065: udev-remount-tmpfs
|
Source1065: udev-remount-tmpfs
|
||||||
|
|
||||||
|
# Patches listed in here are really special cases. Normally all
|
||||||
|
# changes must go to upstream first and then are cherry-picked in the
|
||||||
|
# SUSE git repository. But in very few cases, some stuff might be
|
||||||
|
# broken in upstream and need an urgent fix. Even in this case, the
|
||||||
|
# patches are temporary and should be removed as soon as a fix is
|
||||||
|
# merged by upstream.
|
||||||
|
Patch1: 0001-core-disable-session-keyring-per-system-sevice-entir.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Systemd is a system and service manager, compatible with SysV and LSB
|
Systemd is a system and service manager, compatible with SysV and LSB
|
||||||
init scripts for Linux. systemd provides aggressive parallelization
|
init scripts for Linux. systemd provides aggressive parallelization
|
||||||
@ -398,6 +406,7 @@ Some systemd commands offer bash completion, but it is an optional dependency.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n systemd-%{version}
|
%setup -q -n systemd-%{version}
|
||||||
|
%autopatch -p1
|
||||||
|
|
||||||
# only needed for bootstrap
|
# only needed for bootstrap
|
||||||
%if 0%{?bootstrap}
|
%if 0%{?bootstrap}
|
||||||
|
|||||||
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 6 14:12:34 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
- Added 0001-core-disable-session-keyring-per-system-sevice-entir.patch (bnc#1045886)
|
||||||
|
|
||||||
|
Temporary patch to disable the session keyring stuff as it's
|
||||||
|
currently broken and may introduce some security holes.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com
|
Thu Jul 6 12:57:06 UTC 2017 - fbui@suse.com
|
||||||
|
|
||||||
|
|||||||
@ -153,6 +153,14 @@ Source14: kbd-model-map.legacy
|
|||||||
|
|
||||||
Source1065: udev-remount-tmpfs
|
Source1065: udev-remount-tmpfs
|
||||||
|
|
||||||
|
# Patches listed in here are really special cases. Normally all
|
||||||
|
# changes must go to upstream first and then are cherry-picked in the
|
||||||
|
# SUSE git repository. But in very few cases, some stuff might be
|
||||||
|
# broken in upstream and need an urgent fix. Even in this case, the
|
||||||
|
# patches are temporary and should be removed as soon as a fix is
|
||||||
|
# merged by upstream.
|
||||||
|
Patch1: 0001-core-disable-session-keyring-per-system-sevice-entir.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Systemd is a system and service manager, compatible with SysV and LSB
|
Systemd is a system and service manager, compatible with SysV and LSB
|
||||||
init scripts for Linux. systemd provides aggressive parallelization
|
init scripts for Linux. systemd provides aggressive parallelization
|
||||||
@ -396,6 +404,7 @@ Some systemd commands offer bash completion, but it is an optional dependency.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n systemd-%{version}
|
%setup -q -n systemd-%{version}
|
||||||
|
%autopatch -p1
|
||||||
|
|
||||||
# only needed for bootstrap
|
# only needed for bootstrap
|
||||||
%if 0%{?bootstrap}
|
%if 0%{?bootstrap}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user