diff --git a/20-yama-ptrace.conf b/20-yama-ptrace.conf deleted file mode 100644 index 4fbaf97ca6993db067c8cc114e1ba16bfd77421b..0000000000000000000000000000000000000000 --- a/20-yama-ptrace.conf +++ /dev/null @@ -1,42 +0,0 @@ -# The ptrace system call is used for interprocess services, -# communication and introspection (like synchronisation, signaling, -# debugging, tracing and profiling) of processes. -# -# Usage of ptrace is restricted by normal user permissions. Normal -# unprivileged processes cannot use ptrace on processes that they -# cannot send signals to or processes that are running set-uid or -# set-gid. Nevertheless, processes running under the same uid will -# usually be able to ptrace one another. -# -# Fedora enables the Yama security mechanism which restricts ptrace -# even further. Sysctl setting kernel.yama.ptrace_scope can have one -# of the following values: -# -# 0 - Normal ptrace security permissions. -# 1 - Restricted ptrace. Only child processes plus normal permissions. -# 2 - Admin-only attach. Only executables with CAP_SYS_PTRACE. -# 3 - No attach. No process may call ptrace at all. Irrevocable. -# -# For more information see Documentation/security/Yama.txt in the -# kernel sources. -# -# The default is 1., which allows tracing of child processes, but -# forbids tracing of arbitrary processes. This allows programs like -# gdb or strace to work when the most common way of having the -# debugger start the debuggee is used: -# gdb /path/to/program ... -# Attaching to already running programs is NOT allowed: -# gdb -p ... -# This default setting is suitable for the common case, because it -# reduces the risk that one hacked process can be used to attack other -# processes. (For example, a hacked firefox process in a user session -# will not be able to ptrace the keyring process and extract passwords -# stored only in memory.) -# -# Developers and administrators might want to disable those protections -# to be able to attach debuggers to existing processes. Use -# sysctl kernel.yama.ptrace_scope=0 -# for change the setting temporarily, or copy this file to -# /etc/sysctl.d/20-yama-ptrace.conf to set it for future boots. - -kernel.yama.ptrace_scope = 0 diff --git a/systemd.spec b/systemd.spec index 3190928d304152e5fb5cdcfa61956d1f28eda29f..d574f6b3697f0904d22d9f65f1b1cc1f44e148d2 100644 --- a/systemd.spec +++ b/systemd.spec @@ -16,7 +16,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 243 -Release: 6 +Release: 7 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager @@ -30,7 +30,6 @@ Source5: inittab Source6: sysctl.conf.README Source7: systemd-journal-remote.xml Source8: systemd-journal-gatewayd.xml -Source9: 20-yama-ptrace.conf Source10: systemd-udev-trigger-no-reload.conf Source11: 20-grubby.install Source12: systemd-user @@ -336,10 +335,6 @@ install -Dm0644 -t %{buildroot}/usr/lib/firewalld/services/ %{SOURCE7} %{SOURCE8 # Restore systemd-user pam config from before "removal of Fedora-specific bits" install -Dm0644 -t %{buildroot}/etc/pam.d/ %{SOURCE12} -# Install additional docs -# https://bugzilla.redhat.com/show_bug.cgi?id=1234951 -install -Dm0644 -t %{buildroot}%{_pkgdocdir}/ %{SOURCE9} - # https://bugzilla.redhat.com/show_bug.cgi?id=1378974 install -Dm0644 -t %{buildroot}%{system_unit_dir}/systemd-udev-trigger.service.d/ %{SOURCE10} @@ -1439,6 +1434,12 @@ fi %exclude /usr/share/man/man3/* %changelog +* Tue Dec 31 2019 openEuler Buildteam - 243-7 +- Type:NA +- ID:NA +- SUG:NA +- DESC:delete unneeded source + * Mon Dec 23 2019 openEuler Buildteam - 243-6 - Type:NA - ID:NA