commit
e1fec2df4f
@ -1,42 +0,0 @@
|
||||
# The ptrace system call is used for interprocess services,
|
||||
# communication and introspection (like synchronisation, signaling,
|
||||
# debugging, tracing and profiling) of processes.
|
||||
#
|
||||
# Usage of ptrace is restricted by normal user permissions. Normal
|
||||
# unprivileged processes cannot use ptrace on processes that they
|
||||
# cannot send signals to or processes that are running set-uid or
|
||||
# set-gid. Nevertheless, processes running under the same uid will
|
||||
# usually be able to ptrace one another.
|
||||
#
|
||||
# Fedora enables the Yama security mechanism which restricts ptrace
|
||||
# even further. Sysctl setting kernel.yama.ptrace_scope can have one
|
||||
# of the following values:
|
||||
#
|
||||
# 0 - Normal ptrace security permissions.
|
||||
# 1 - Restricted ptrace. Only child processes plus normal permissions.
|
||||
# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE.
|
||||
# 3 - No attach. No process may call ptrace at all. Irrevocable.
|
||||
#
|
||||
# For more information see Documentation/security/Yama.txt in the
|
||||
# kernel sources.
|
||||
#
|
||||
# The default is 1., which allows tracing of child processes, but
|
||||
# forbids tracing of arbitrary processes. This allows programs like
|
||||
# gdb or strace to work when the most common way of having the
|
||||
# debugger start the debuggee is used:
|
||||
# gdb /path/to/program ...
|
||||
# Attaching to already running programs is NOT allowed:
|
||||
# gdb -p ...
|
||||
# This default setting is suitable for the common case, because it
|
||||
# reduces the risk that one hacked process can be used to attack other
|
||||
# processes. (For example, a hacked firefox process in a user session
|
||||
# will not be able to ptrace the keyring process and extract passwords
|
||||
# stored only in memory.)
|
||||
#
|
||||
# Developers and administrators might want to disable those protections
|
||||
# to be able to attach debuggers to existing processes. Use
|
||||
# sysctl kernel.yama.ptrace_scope=0
|
||||
# for change the setting temporarily, or copy this file to
|
||||
# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots.
|
||||
|
||||
kernel.yama.ptrace_scope = 0
|
||||
13
systemd.spec
13
systemd.spec
@ -16,7 +16,7 @@
|
||||
Name: systemd
|
||||
Url: https://www.freedesktop.org/wiki/Software/systemd
|
||||
Version: 243
|
||||
Release: 6
|
||||
Release: 7
|
||||
License: MIT and LGPLv2+ and GPLv2+
|
||||
Summary: System and Service Manager
|
||||
|
||||
@ -30,7 +30,6 @@ Source5: inittab
|
||||
Source6: sysctl.conf.README
|
||||
Source7: systemd-journal-remote.xml
|
||||
Source8: systemd-journal-gatewayd.xml
|
||||
Source9: 20-yama-ptrace.conf
|
||||
Source10: systemd-udev-trigger-no-reload.conf
|
||||
Source11: 20-grubby.install
|
||||
Source12: systemd-user
|
||||
@ -336,10 +335,6 @@ install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8
|
||||
# Restore systemd-user pam config from before "removal of Fedora-specific bits"
|
||||
install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12}
|
||||
|
||||
# Install additional docs
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1234951
|
||||
install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9}
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1378974
|
||||
install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10}
|
||||
|
||||
@ -1439,6 +1434,12 @@ fi
|
||||
%exclude /usr/share/man/man3/*
|
||||
|
||||
%changelog
|
||||
* Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 243-7
|
||||
- Type:NA
|
||||
- ID:NA
|
||||
- SUG:NA
|
||||
- DESC:delete unneeded source
|
||||
|
||||
* Mon Dec 23 2019 openEuler Buildteam <buildteam@openeuler.org> - 243-6
|
||||
- Type:NA
|
||||
- ID:NA
|
||||
|
||||
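Review bot: The new 243-7 changelog entry says only `delete unneeded source`, which does not record that the dropped file is 20-yama-ptrace.conf, the packaged sample that documents kernel.yama.ptrace_scope and sets it to 0. Someone auditing ptrace hardening later cannot tell that from the entry, so I would write `- DESC:drop 20-yama-ptrace.conf doc sample (kernel.yama.ptrace_scope = 0)`. None of the hunks shown touches %files, so it is worth confirming that no entry there still names the file under %{_pkgdocdir}. The removed text was also the only place visible here that explained the Yama scope values, so the intended default may need documenting elsewhere.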