Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / b58112e5af484d9314f6a4487b1bc8b292f952ef / . / meta-openembedded / meta-oe / recipes-extended / polkit / polkit / 0001-polkit.service.in-disable-MemoryDenyWriteExecute.patch
blob: 4f008f7a97d7fe53830d6b96c00d3ddc291655b1 [file] [log] [blame]
From 95148a804be66092564f81306a02f625d5b8a5d0 Mon Sep 17 00:00:00 2001
From: Markus Volk <f_l_k@t-online.de>
Date: Sun, 17 Sep 2023 23:26:59 +0200
Subject: [PATCH] polkit.service.in: disable MemoryDenyWriteExecute
A few momths ago some hardening options have been added to polkit.service.in
https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/177/diffs?commit_id=afecbd53696e32bbadd60f431fc7d285f3edd265
and polkitd segfaults with MemoryDenyWriteExecute=yes, at least in my environment
Upstream-Status: Inappropriate [needs further investigation]
Signed-off-by: Markus Volk <f_l_k@t-online.de>
---
data/polkit.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/polkit.service.in b/data/polkit.service.in
index e6db351..4390cce 100644
--- a/data/polkit.service.in
+++ b/data/polkit.service.in
@@ -12,7 +12,7 @@ ExecStart=@libprivdir@/polkitd --no-debug
User=@polkitd_user@
LimitMEMLOCK=0
LockPersonality=yes
-MemoryDenyWriteExecute=yes
+#MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateNetwork=yes