Fix previous patch and revert the change that requires selinux policy update
This commit is contained in:
		
							parent
							
								
									4100d92c45
								
							
						
					
					
						commit
						b80d668d9e
					
				| @ -1,4 +1,4 @@ | |||||||
| From 034967a2a644c8cdbf855f0079299b71b6a1f435 Mon Sep 17 00:00:00 2001 | From 847364f5123f108884f8c59fb05d7ff941693dfb Mon Sep 17 00:00:00 2001 | ||||||
| From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> | From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> | ||||||
| Date: Fri, 21 Dec 2018 22:49:53 +0100 | Date: Fri, 21 Dec 2018 22:49:53 +0100 | ||||||
| Subject: [PATCH] test-json: check absolute and relative difference in floating | Subject: [PATCH] test-json: check absolute and relative difference in floating | ||||||
| @ -17,7 +17,7 @@ Let's do the usual-style test for absolute and relative differences. | |||||||
|  1 file changed, 7 insertions(+), 9 deletions(-) |  1 file changed, 7 insertions(+), 9 deletions(-) | ||||||
| 
 | 
 | ||||||
| diff --git a/src/test/test-json.c b/src/test/test-json.c
 | diff --git a/src/test/test-json.c b/src/test/test-json.c
 | ||||||
| index 5aa4d19dbe..e6ec9bfba8 100644
 | index 5aa4d19dbe..cd6269f798 100644
 | ||||||
| --- a/src/test/test-json.c
 | --- a/src/test/test-json.c
 | ||||||
| +++ b/src/test/test-json.c
 | +++ b/src/test/test-json.c
 | ||||||
| @@ -1,9 +1,6 @@
 | @@ -1,9 +1,6 @@
 | ||||||
| @ -42,11 +42,11 @@ index 5aa4d19dbe..e6ec9bfba8 100644 | |||||||
| -                                assert_se(fabsl(d - v.real) < 0.001L);
 | -                                assert_se(fabsl(d - v.real) < 0.001L);
 | ||||||
| +                        /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit:
 | +                        /* Valgrind doesn't support long double calculations and automatically downgrades to 80bit:
 | ||||||
| +                         * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits.
 | +                         * http://www.valgrind.org/docs/manual/manual-core.html#manual-core.limits.
 | ||||||
| +                         * Some architectures might now support long double either.
 | +                         * Some architectures might not support long double either.
 | ||||||
| +                         */
 | +                         */
 | ||||||
| +
 | +
 | ||||||
| +                        assert_se(fabsl(d - v.real) < 1e-15 ||
 | +                        assert_se(fabsl(d - v.real) < 1e-10 ||
 | ||||||
| +                                  fabsl(d - v.real) / v.real < 1e-15);
 | +                                  fabsl((d - v.real) / v.real) < 1e-10);
 | ||||||
|   |   | ||||||
|                  } else if (t == JSON_TOKEN_INTEGER) { |                  } else if (t == JSON_TOKEN_INTEGER) { | ||||||
|                          intmax_t i; |                          intmax_t i; | ||||||
|  | |||||||
							
								
								
									
										207
									
								
								0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										207
									
								
								0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,207 @@ | |||||||
|  | From 2cce22a4279d4f304e75b87b56b9eeb5cd313566 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> | ||||||
|  | Date: Sat, 22 Dec 2018 11:11:04 +0100 | ||||||
|  | Subject: [PATCH] Revert "units: set NoNewPrivileges= for all long-running | ||||||
|  |  services" | ||||||
|  | 
 | ||||||
|  | This reverts commit 64d7f7b4a15f1534fb19fda6b601fec50783bee4. | ||||||
|  | ---
 | ||||||
|  |  units/systemd-coredump@.service.in        | 1 - | ||||||
|  |  units/systemd-hostnamed.service.in        | 1 - | ||||||
|  |  units/systemd-initctl.service.in          | 1 - | ||||||
|  |  units/systemd-journal-gatewayd.service.in | 1 - | ||||||
|  |  units/systemd-journal-remote.service.in   | 1 - | ||||||
|  |  units/systemd-journal-upload.service.in   | 1 - | ||||||
|  |  units/systemd-journald.service.in         | 1 - | ||||||
|  |  units/systemd-localed.service.in          | 1 - | ||||||
|  |  units/systemd-logind.service.in           | 1 - | ||||||
|  |  units/systemd-machined.service.in         | 1 - | ||||||
|  |  units/systemd-networkd.service.in         | 1 - | ||||||
|  |  units/systemd-resolved.service.in         | 1 - | ||||||
|  |  units/systemd-rfkill.service.in           | 1 - | ||||||
|  |  units/systemd-timedated.service.in        | 1 - | ||||||
|  |  units/systemd-timesyncd.service.in        | 1 - | ||||||
|  |  15 files changed, 15 deletions(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/units/systemd-coredump@.service.in b/units/systemd-coredump@.service.in
 | ||||||
|  | index ffcb5f36ca..74dcf7fe06 100644
 | ||||||
|  | --- a/units/systemd-coredump@.service.in
 | ||||||
|  | +++ b/units/systemd-coredump@.service.in
 | ||||||
|  | @@ -22,7 +22,6 @@ IPAddressDeny=any
 | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  |  Nice=9 | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  OOMScoreAdjust=500 | ||||||
|  |  PrivateDevices=yes | ||||||
|  |  PrivateNetwork=yes | ||||||
|  | diff --git a/units/systemd-hostnamed.service.in b/units/systemd-hostnamed.service.in
 | ||||||
|  | index 9c925e80d9..696d4e2e60 100644
 | ||||||
|  | --- a/units/systemd-hostnamed.service.in
 | ||||||
|  | +++ b/units/systemd-hostnamed.service.in
 | ||||||
|  | @@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-hostnamed
 | ||||||
|  |  IPAddressDeny=any | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  PrivateDevices=yes | ||||||
|  |  PrivateNetwork=yes | ||||||
|  |  PrivateTmp=yes | ||||||
|  | diff --git a/units/systemd-initctl.service.in b/units/systemd-initctl.service.in
 | ||||||
|  | index c276283908..f48d673d58 100644
 | ||||||
|  | --- a/units/systemd-initctl.service.in
 | ||||||
|  | +++ b/units/systemd-initctl.service.in
 | ||||||
|  | @@ -14,6 +14,5 @@ DefaultDependencies=no
 | ||||||
|  |   | ||||||
|  |  [Service] | ||||||
|  |  ExecStart=@rootlibexecdir@/systemd-initctl | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  NotifyAccess=all | ||||||
|  |  SystemCallArchitectures=native | ||||||
|  | diff --git a/units/systemd-journal-gatewayd.service.in b/units/systemd-journal-gatewayd.service.in
 | ||||||
|  | index ebc8bf9a25..5ef4ee0058 100644
 | ||||||
|  | --- a/units/systemd-journal-gatewayd.service.in
 | ||||||
|  | +++ b/units/systemd-journal-gatewayd.service.in
 | ||||||
|  | @@ -17,7 +17,6 @@ DynamicUser=yes
 | ||||||
|  |  ExecStart=@rootlibexecdir@/systemd-journal-gatewayd | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  PrivateDevices=yes | ||||||
|  |  PrivateNetwork=yes | ||||||
|  |  ProtectControlGroups=yes | ||||||
|  | diff --git a/units/systemd-journal-remote.service.in b/units/systemd-journal-remote.service.in
 | ||||||
|  | index 29a99aaec1..ec1311da88 100644
 | ||||||
|  | --- a/units/systemd-journal-remote.service.in
 | ||||||
|  | +++ b/units/systemd-journal-remote.service.in
 | ||||||
|  | @@ -17,7 +17,6 @@ ExecStart=@rootlibexecdir@/systemd-journal-remote --listen-https=-3 --output=/va
 | ||||||
|  |  LockPersonality=yes | ||||||
|  |  LogsDirectory=journal/remote | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  PrivateDevices=yes | ||||||
|  |  PrivateNetwork=yes | ||||||
|  |  PrivateTmp=yes | ||||||
|  | diff --git a/units/systemd-journal-upload.service.in b/units/systemd-journal-upload.service.in
 | ||||||
|  | index 92cd4e5259..a15744e1e8 100644
 | ||||||
|  | --- a/units/systemd-journal-upload.service.in
 | ||||||
|  | +++ b/units/systemd-journal-upload.service.in
 | ||||||
|  | @@ -18,7 +18,6 @@ DynamicUser=yes
 | ||||||
|  |  ExecStart=@rootlibexecdir@/systemd-journal-upload --save-state | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  PrivateDevices=yes | ||||||
|  |  ProtectControlGroups=yes | ||||||
|  |  ProtectHome=yes | ||||||
|  | diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
 | ||||||
|  | index 4684f095c0..7b659d4b03 100644
 | ||||||
|  | --- a/units/systemd-journald.service.in
 | ||||||
|  | +++ b/units/systemd-journald.service.in
 | ||||||
|  | @@ -22,7 +22,6 @@ FileDescriptorStoreMax=4224
 | ||||||
|  |  IPAddressDeny=any | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  Restart=always | ||||||
|  |  RestartSec=0 | ||||||
|  |  RestrictAddressFamilies=AF_UNIX AF_NETLINK | ||||||
|  | diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
 | ||||||
|  | index 01e0703d0e..7d40fb4897 100644
 | ||||||
|  | --- a/units/systemd-localed.service.in
 | ||||||
|  | +++ b/units/systemd-localed.service.in
 | ||||||
|  | @@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-localed
 | ||||||
|  |  IPAddressDeny=any | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  PrivateDevices=yes | ||||||
|  |  PrivateNetwork=yes | ||||||
|  |  PrivateTmp=yes | ||||||
|  | diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
 | ||||||
|  | index 38a7f269ac..6b362ccdca 100644
 | ||||||
|  | --- a/units/systemd-logind.service.in
 | ||||||
|  | +++ b/units/systemd-logind.service.in
 | ||||||
|  | @@ -27,7 +27,6 @@ FileDescriptorStoreMax=512
 | ||||||
|  |  IPAddressDeny=any | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  Restart=always | ||||||
|  |  RestartSec=0 | ||||||
|  |  RestrictAddressFamilies=AF_UNIX AF_NETLINK | ||||||
|  | diff --git a/units/systemd-machined.service.in b/units/systemd-machined.service.in
 | ||||||
|  | index 9f1476814d..d90e71ae67 100644
 | ||||||
|  | --- a/units/systemd-machined.service.in
 | ||||||
|  | +++ b/units/systemd-machined.service.in
 | ||||||
|  | @@ -22,7 +22,6 @@ ExecStart=@rootlibexecdir@/systemd-machined
 | ||||||
|  |  IPAddressDeny=any | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 | ||||||
|  |  RestrictRealtime=yes | ||||||
|  |  SystemCallArchitectures=native | ||||||
|  | diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in
 | ||||||
|  | index 472ef045de..f23bf227fb 100644
 | ||||||
|  | --- a/units/systemd-networkd.service.in
 | ||||||
|  | +++ b/units/systemd-networkd.service.in
 | ||||||
|  | @@ -24,7 +24,6 @@ CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_N
 | ||||||
|  |  ExecStart=!!@rootlibexecdir@/systemd-networkd | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  ProtectControlGroups=yes | ||||||
|  |  ProtectHome=yes | ||||||
|  |  ProtectKernelModules=yes | ||||||
|  | diff --git a/units/systemd-resolved.service.in b/units/systemd-resolved.service.in
 | ||||||
|  | index 3144b70063..d08842f0d4 100644
 | ||||||
|  | --- a/units/systemd-resolved.service.in
 | ||||||
|  | +++ b/units/systemd-resolved.service.in
 | ||||||
|  | @@ -25,7 +25,6 @@ CapabilityBoundingSet=CAP_SETPCAP CAP_NET_RAW CAP_NET_BIND_SERVICE
 | ||||||
|  |  ExecStart=!!@rootlibexecdir@/systemd-resolved | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  PrivateDevices=yes | ||||||
|  |  PrivateTmp=yes | ||||||
|  |  ProtectControlGroups=yes | ||||||
|  | diff --git a/units/systemd-rfkill.service.in b/units/systemd-rfkill.service.in
 | ||||||
|  | index 3abb958310..7447ed5b5b 100644
 | ||||||
|  | --- a/units/systemd-rfkill.service.in
 | ||||||
|  | +++ b/units/systemd-rfkill.service.in
 | ||||||
|  | @@ -18,7 +18,6 @@ Before=shutdown.target
 | ||||||
|  |   | ||||||
|  |  [Service] | ||||||
|  |  ExecStart=@rootlibexecdir@/systemd-rfkill | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  StateDirectory=systemd/rfkill | ||||||
|  |  TimeoutSec=30s | ||||||
|  |  Type=notify | ||||||
|  | diff --git a/units/systemd-timedated.service.in b/units/systemd-timedated.service.in
 | ||||||
|  | index 6d53024195..1105f1a980 100644
 | ||||||
|  | --- a/units/systemd-timedated.service.in
 | ||||||
|  | +++ b/units/systemd-timedated.service.in
 | ||||||
|  | @@ -19,7 +19,6 @@ ExecStart=@rootlibexecdir@/systemd-timedated
 | ||||||
|  |  IPAddressDeny=any | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  PrivateTmp=yes | ||||||
|  |  ProtectControlGroups=yes | ||||||
|  |  ProtectHome=yes | ||||||
|  | diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in
 | ||||||
|  | index 03ade45d08..8b99e92e01 100644
 | ||||||
|  | --- a/units/systemd-timesyncd.service.in
 | ||||||
|  | +++ b/units/systemd-timesyncd.service.in
 | ||||||
|  | @@ -24,7 +24,6 @@ CapabilityBoundingSet=CAP_SYS_TIME
 | ||||||
|  |  ExecStart=!!@rootlibexecdir@/systemd-timesyncd | ||||||
|  |  LockPersonality=yes | ||||||
|  |  MemoryDenyWriteExecute=yes | ||||||
|  | -NoNewPrivileges=yes
 | ||||||
|  |  PrivateDevices=yes | ||||||
|  |  PrivateTmp=yes | ||||||
|  |  ProtectControlGroups=yes | ||||||
|  | -- 
 | ||||||
|  | 2.19.2 | ||||||
|  | 
 | ||||||
| @ -51,6 +51,7 @@ GIT_DIR=../../src/systemd/.git git diffab -M v233..master@{2017-06-15} -- hwdb/[ | |||||||
| %endif | %endif | ||||||
| 
 | 
 | ||||||
| Patch0001:      0001-test-json-check-absolute-and-relative-difference-in-.patch | Patch0001:      0001-test-json-check-absolute-and-relative-difference-in-.patch | ||||||
|  | Patch0002:      0002-Revert-units-set-NoNewPrivileges-for-all-long-runnin.patch | ||||||
| 
 | 
 | ||||||
| Patch0998:      0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch | Patch0998:      0998-resolved-create-etc-resolv.conf-symlink-at-runtime.patch | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user