diff options
Diffstat (limited to 'meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch')
-rw-r--r-- | meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch | 31 |
1 files changed, 6 insertions, 25 deletions
diff --git a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch b/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch index d7367caf78..c61e39dc80 100644 --- a/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch +++ b/meta/recipes-extended/iputils/iputils/0001-rarpd-rdisc-Drop-PrivateUsers.patch @@ -1,20 +1,20 @@ -From 6e51d529988cfc0bb357751fd767e9f1478e2b81 Mon Sep 17 00:00:00 2001 +From dfeeb3f1328d09f516edeb6349bd63e3c87f9397 Mon Sep 17 00:00:00 2001 From: Alex Kiernan <alex.kiernan@gmail.com> Date: Thu, 13 Feb 2020 06:08:45 +0000 -Subject: [PATCH] rarpd: rdisc: Drop PrivateUsers +Subject: [PATCH] rarpd:Drop PrivateUsers -Neither rarpd nor rdisc can gain the necessary capabilities with +rarpd cannot gain the necessary capabilities with PrivateUsers enabled. Upstream-Status: Pending Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> + --- systemd/rarpd.service.in | 1 - - systemd/rdisc.service.in | 3 ++- - 2 files changed, 2 insertions(+), 2 deletions(-) + 1 file changed, 1 deletion(-) diff --git a/systemd/rarpd.service.in b/systemd/rarpd.service.in -index e600c10c93e6..f5d7621a7ce8 100644 +index e600c10..f5d7621 100644 --- a/systemd/rarpd.service.in +++ b/systemd/rarpd.service.in @@ -12,7 +12,6 @@ AmbientCapabilities=CAP_NET_RAW @@ -25,22 +25,3 @@ index e600c10c93e6..f5d7621a7ce8 100644 ProtectSystem=strict ProtectHome=yes ProtectControlGroups=yes -diff --git a/systemd/rdisc.service.in b/systemd/rdisc.service.in -index 4e2a1ec9d0e5..a71b87d36b37 100644 ---- a/systemd/rdisc.service.in -+++ b/systemd/rdisc.service.in -@@ -8,9 +8,10 @@ After=network.target - EnvironmentFile=-/etc/sysconfig/rdisc - ExecStart=@sbindir@/rdisc -f -t $OPTIONS $SEND_ADDRESS $RECEIVE_ADDRESS - -+CapabilityBoundingSet=CAP_NET_RAW - AmbientCapabilities=CAP_NET_RAW - PrivateTmp=yes --PrivateUsers=yes -+DynamicUser=yes - ProtectSystem=strict - ProtectHome=yes - ProtectControlGroups=yes --- -2.17.1 - |