1From 6e51d529988cfc0bb357751fd767e9f1478e2b81 Mon Sep 17 00:00:00 2001
2From: Alex Kiernan <alex.kiernan@gmail.com>
3Date: Thu, 13 Feb 2020 06:08:45 +0000
4Subject: [PATCH] rarpd: rdisc: Drop PrivateUsers
5
6Neither rarpd nor rdisc can gain the necessary capabilities with
7PrivateUsers enabled.
8
9Upstream-Status: Pending
10Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
11---
12 systemd/rarpd.service.in | 1 -
13 systemd/rdisc.service.in | 3 ++-
14 2 files changed, 2 insertions(+), 2 deletions(-)
15
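--- a/systemd/rarpd.service.in
+++ b/systemd/rarpd.service.in
@@ -12,7 +12,6 @@ AmbientCapabilities=CAP_NET_RAW
 DynamicUser=yes
 PrivateTmp=yes
 PrivateDevices=yes
-PrivateUsers=yes
 ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes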
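--- a/systemd/rdisc.service.in
+++ b/systemd/rdisc.service.in
@@ -8,9 +8,10 @@ After=network.target
 EnvironmentFile=-/etc/sysconfig/rdisc
 ExecStart=@sbindir@/rdisc -f -t $OPTIONS $SEND_ADDRESS $RECEIVE_ADDRESS
 
+CapabilityBoundingSet=CAP_NET_RAW
 AmbientCapabilities=CAP_NET_RAW
 PrivateTmp=yes
-PrivateUsers=yes
+DynamicUser=yes
 ProtectSystem=strict
 ProtectHome=yes
 ProtectControlGroups=yes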
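Review bot: The rdisc.service.in hunk does more than the subject says: besides dropping `PrivateUsers=yes` it adds `CapabilityBoundingSet=CAP_NET_RAW` and `DynamicUser=yes`, and the commit message does not mention this. No `User=` is visible in the hunk, so this apparently moves the daemon to a transient unprivileged user whose only capability is CAP_NET_RAW. rdisc in host mode is meant to install the default routes it discovers, which I would expect to need CAP_NET_ADMIN; please confirm route updates still work under this bounding set. Because PrivateUsers= reads like free hardening, a comment beside the capability lines in both this unit and rarpd.service.in would stop it being re-added, e.g. `# PrivateUsers= is deliberately unset: with it the service holds no capabilities in the host user namespace, so CAP_NET_RAW is unusable`. The [Service] section starts above this hunk and continues below it.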
44--
452.17.1
46