Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 220dafdb7243da3683b8a972c80a3719c2d137ef / . / meta-openembedded / meta-oe / recipes-extended / polkit / polkit / 0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch
blob: 9a097274a4f3226fd032b58276fe50421cc6c971 [file] [log] [blame]
From 046d853818f18bac5df4dfc007151e06fd64a5b3 Mon Sep 17 00:00:00 2001
From: Markus Volk <f_l_k@t-online.de>
Date: Sun, 17 Sep 2023 23:26:59 +0200
Subject: [PATCH] polkit.service.in: disable MemoryDenyWriteExecute
A few momths ago some hardening options have been added to polkit.service.in
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/177/diffs?commit_id=afecbd53696e32bbadd60f431fc7d285f3edd265
and polkitd segfaults with MemoryDenyWriteExecute=yes, at least in my environment
Upstream-Status: Inappropriate [needs further investigation]
Signed-off-by: Markus Volk <f_l_k@t-online.de>
---
data/polkit.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/polkit.service.in b/data/polkit.service.in
index 2113ff7..42dfd90 100644
--- a/data/polkit.service.in
+++ b/data/polkit.service.in
@@ -14,7 +14,7 @@ Group=@polkitd_user@
IPAddressDeny=any
LimitMEMLOCK=0
LockPersonality=yes
-MemoryDenyWriteExecute=yes
+#MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateNetwork=yes
--
2.41.0