polkitd doesn't segfault with MemoryDenyWriteExecute=yes anymore Signed-off-by: Markus Volk <f_...@t-online.de> --- ...ce.in-disable-MemoryDenyWriteExecute.patch | 30 ------------------- meta-oe/recipes-extended/polkit/polkit_124.bb | 4 +-- 2 files changed, 1 insertion(+), 33 deletions(-) delete mode 100644 meta-oe/recipes-extended/polkit/polkit/0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch
diff --git a/meta-oe/recipes-extended/polkit/polkit/0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch b/meta-oe/recipes-extended/polkit/polkit/0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch deleted file mode 100644 index 4f008f7a9..000000000 --- a/meta-oe/recipes-extended/polkit/polkit/0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 95148a804be66092564f81306a02f625d5b8a5d0 Mon Sep 17 00:00:00 2001 -From: Markus Volk <f_...@t-online.de> -Date: Sun, 17 Sep 2023 23:26:59 +0200 -Subject: [PATCH] polkit.service.in: disable MemoryDenyWriteExecute - -A few momths ago some hardening options have been added to polkit.service.in -https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/177/diffs?commit_id=afecbd53696e32bbadd60f431fc7d285f3edd265 - -and polkitd segfaults with MemoryDenyWriteExecute=yes, at least in my environment - -Upstream-Status: Inappropriate [needs further investigation] - -Signed-off-by: Markus Volk <f_...@t-online.de> ---- - data/polkit.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/data/polkit.service.in b/data/polkit.service.in -index e6db351..4390cce 100644 ---- a/data/polkit.service.in -+++ b/data/polkit.service.in -@@ -12,7 +12,7 @@ ExecStart=@libprivdir@/polkitd --no-debug - User=@polkitd_user@ - LimitMEMLOCK=0 - LockPersonality=yes --MemoryDenyWriteExecute=yes -+#MemoryDenyWriteExecute=yes - NoNewPrivileges=yes - PrivateDevices=yes - PrivateNetwork=yes diff --git a/meta-oe/recipes-extended/polkit/polkit_124.bb b/meta-oe/recipes-extended/polkit/polkit_124.bb index 3eb0d5280..9e2eb05c6 100644 --- a/meta-oe/recipes-extended/polkit/polkit_124.bb +++ b/meta-oe/recipes-extended/polkit/polkit_124.bb @@ -4,9 +4,7 @@ HOMEPAGE = "http://www.freedesktop.org/wiki/Software/polkit"; LICENSE = "LGPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=155db86cdbafa7532b41f390409283eb" -SRC_URI = "git://gitlab.freedesktop.org/polkit/polkit.git;protocol=https;branch=master \ - file://0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch \ - " +SRC_URI = "git://gitlab.freedesktop.org/polkit/polkit.git;protocol=https;branch=master" S = "${WORKDIR}/git" SRCREV = "82f0924dc0eb23b9df68e88dbaf9e07c81940a5a" -- 2.44.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#109265): https://lists.openembedded.org/g/openembedded-devel/message/109265 Mute This Topic: https://lists.openembedded.org/mt/104859069/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
