packages/iputils
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync 21.03 patch to fix rdisc service failed

Browse Source
This commit is contained in:
eaglegai 2021-05-17 10:45:24 +08:00
parent 2462da0d02
commit ce76e4fc9e
2 changed files with 46 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
bugfix-rdisc-remove-PrivateUsers=yes-from-systemd-service-file.patch Normal file
View File

@ -0,0 +1,37 @@
From 21d0826711b750367edaf01645aac1d03b3b7611 Mon Sep 17 00:00:00 2001
From: Sami Kerola <kerolasa@iki.fi>
Date: Wed, 3 Mar 2021 20:51:18 +0000
Subject: [PATCH] rdisc: remove PrivateUsers=yes from systemd service file
Quoting systemd.exec(5) manual page 'Specifically this means that the
process will have zero process capabilities on the host's user namespace'.
That does not combine will with CAP_NET_RAW that needs to take effect host's
namespace.
Secondly add CapabilityBoundingSet that is will ensure capabilities are
limited to the one and only capability it needs.
Fixes: https://github.com/iputils/iputils/issues/314
Reference: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateUsers=
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---
systemd/rdisc.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/systemd/rdisc.service.in b/systemd/rdisc.service.in
index 4e2a1ec..6ef7fc3 100644
--- a/systemd/rdisc.service.in
+++ b/systemd/rdisc.service.in
@@ -9,8 +9,8 @@ EnvironmentFile=-/etc/sysconfig/rdisc
ExecStart=@sbindir@/rdisc -f -t $OPTIONS $SEND_ADDRESS $RECEIVE_ADDRESS
AmbientCapabilities=CAP_NET_RAW
+CapabilityBoundingSet=CAP_NET_RAW
PrivateTmp=yes
-PrivateUsers=yes
ProtectSystem=strict
ProtectHome=yes
ProtectControlGroups=yes
--
2.23.0

10
iputils.spec
View File

@ -1,6 +1,6 @@
Name: iputils Name: iputils
Version: 20190709 Version: 20190709
Release: 6 Release: 7
Summary: Network monitoring tools including ping Summary: Network monitoring tools including ping
License: BSD and GPLv2+ License: BSD and GPLv2+
URL: https://github.com/iputils/iputils URL: https://github.com/iputils/iputils
@ -17,6 +17,7 @@ Patch100: iputils-ifenslave.patch
Patch6000: 0001-iputils-arpings.patch Patch6000: 0001-iputils-arpings.patch
Patch6001: 0002-iputils-arpings-count.patch Patch6001: 0002-iputils-arpings-count.patch
Patch6002: bugfix-arpping-make-update-neighbours-work-again.patch Patch6002: bugfix-arpping-make-update-neighbours-work-again.patch
Patch6003: bugfix-rdisc-remove-PrivateUsers=yes-from-systemd-service-file.patch
Patch9000: bugfix-fix-ping-dead-loop.patch Patch9000: bugfix-fix-ping-dead-loop.patch
Patch9001: bugfix-arping-w-does-not-take-effect.patch Patch9001: bugfix-arping-w-does-not-take-effect.patch
@ -46,6 +47,7 @@ cp %{SOURCE4} %{SOURCE5} .
%patch6000 -p1 %patch6000 -p1
%patch6001 -p1 %patch6001 -p1
%patch6002 -p1 %patch6002 -p1
%patch6003 -p1
%patch9000 -p1 %patch9000 -p1
%patch9001 -p1 %patch9001 -p1
%patch9002 -p1 %patch9002 -p1
@ -103,6 +105,12 @@ install -cp ifenslave.8 ${RPM_BUILD_ROOT}%{_mandir}/man8/
%{_mandir}/man8/*.8.gz %{_mandir}/man8/*.8.gz
%changelog %changelog
* Mon May 17 2021 gaihuiying <gaihuiying1@huawei.com> - 20190709-7
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:sync 21.03 patch to fix rdisc service failed
* Thu Dec 10 2020 lunankun <lunankun@huawei.com> - 20190709-6 * Thu Dec 10 2020 lunankun <lunankun@huawei.com> - 20190709-6
- Type:bugfix - Type:bugfix
- Id:NA - Id:NA