diff options
author | José Bollo <jose.bollo@iot.bzh> | 2018-12-13 14:33:55 +0100 |
---|---|---|
committer | Stéphane Desneux <stephane.desneux@iot.bzh> | 2018-12-14 21:32:04 +0000 |
commit | 27037c57de0a88cdc39934556b786721ae979eff (patch) | |
tree | 79a08b1b8229f700d4ce169b176d4822119fad55 /meta-security/recipes-core/systemd/systemd/0007-tizen-smack-Runs-systemd-journald-with-v216.patch | |
parent | f11a3e7653777ad4342e615f47ec4a5417a2fa96 (diff) |
systemd: Cleanup of recipe of meta-security
The recipe for systemd that belongs to meta-security
was carrying lot of history for probably no purpose.
If history is needed, curious people can still refer to
https://github.com/intel/meta-intel-iot-security
Change-Id: I8762da7feb2084de2a97025498eb47ef815c7954
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'meta-security/recipes-core/systemd/systemd/0007-tizen-smack-Runs-systemd-journald-with-v216.patch')
-rw-r--r-- | meta-security/recipes-core/systemd/systemd/0007-tizen-smack-Runs-systemd-journald-with-v216.patch | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/meta-security/recipes-core/systemd/systemd/0007-tizen-smack-Runs-systemd-journald-with-v216.patch b/meta-security/recipes-core/systemd/systemd/0007-tizen-smack-Runs-systemd-journald-with-v216.patch deleted file mode 100644 index dd2c6542e..000000000 --- a/meta-security/recipes-core/systemd/systemd/0007-tizen-smack-Runs-systemd-journald-with-v216.patch +++ /dev/null @@ -1,41 +0,0 @@ -From ccf384ca0f1cabe37e07e752df95ddb1e017a7ef Mon Sep 17 00:00:00 2001 -From: Casey Schaufler <casey@schaufler-ca.com> -Date: Thu, 19 Dec 2013 16:49:28 -0800 -Subject: [PATCH 7/9] tizen-smack: Runs systemd-journald with ^ - -Run systemd-journald with the hat ("^") Smack label. - -The journal daemon needs global read access to gather information -about the services spawned by systemd. The hat label is intended -for this purpose. The journal daemon is the only part of the -System domain that needs read access to the User domain. Giving -the journal daemon the hat label means that we can remove the -System domain's read access to the User domain. - -Upstream-Status: Inappropriate [configuration] - -Change-Id: Ic22633f0c9d99c04f873be8a346786ea577d0370 -Signed-off-by: Casey Schaufler <casey.schaufler@intel.com> ---- - units/systemd-journald.service.in | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in -index a3540c6..745dd84 100644 ---- a/units/systemd-journald.service.in -+++ b/units/systemd-journald.service.in -@@ -20,8 +20,10 @@ Restart=always - RestartSec=0 - NotifyAccess=all - StandardOutput=null -+SmackProcessLabel=^ --CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID -+CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE - WatchdogSec=1min -+FileDescriptorStoreMax=1024 - - # Increase the default a bit in order to allow many simultaneous - # services being run since we keep one fd open per service. --- -1.8.4.5 - |