Andrew Geissler | 220dafd | 2023-10-04 10:18:08 -0500 | 1 | From 046d853818f18bac5df4dfc007151e06fd64a5b3 Mon Sep 17 00:00:00 2001 |
| 2 | From: Markus Volk <f_l_k@t-online.de> |
| 3 | Date: Sun, 17 Sep 2023 23:26:59 +0200 |
| 4 | Subject: [PATCH] polkit.service.in: disable MemoryDenyWriteExecute |
| 5 | |
| 6 | A few months ago some hardening options were added to polkit.service.in |
| 7 | https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/177/diffs?commit_id=afecbd53696e32bbadd60f431fc7d285f3edd265 |
| 8 | |
| 9 | and polkitd segfaults with MemoryDenyWriteExecute=yes, at least in my environment |
| 10 | |
| 11 | Upstream-Status: Inappropriate [needs further investigation] |
| 12 | |
| 13 | Signed-off-by: Markus Volk <f_l_k@t-online.de> |
| 14 | --- |
| 15 | data/polkit.service.in | 2 +- |
| 16 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 17 | |
| 18 | diff --git a/data/polkit.service.in b/data/polkit.service.in |
| 19 | index 2113ff7..42dfd90 100644 |
| 20 | --- a/data/polkit.service.in |
| 21 | +++ b/data/polkit.service.in |
| 22 | @@ -14,7 +14,7 @@ Group=@polkitd_user@ |
| 23 | IPAddressDeny=any |
| 24 | LimitMEMLOCK=0 |
| 25 | LockPersonality=yes |
| 26 | -MemoryDenyWriteExecute=yes |
| 27 | +#MemoryDenyWriteExecute=yes |
| 28 | NoNewPrivileges=yes |
| 29 | PrivateDevices=yes |
| 30 | PrivateNetwork=yes |
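Review bot: The commented-out `#MemoryDenyWriteExecute=yes` line is left in the unit file with no explanation, so a later reader cannot tell whether the directive was disabled on purpose or why. The commit message reports a polkitd segfault "at least in my environment" and marks the cause as needing further investigation; put that in a comment directly above the line, and record in the commit message which environment crashes, so the hardening option can be restored once the cause is known. Since the patch drops this protection for every build that applies it, consider limiting the change to the configurations where the segfault is actually reproduced.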
| 31 | -- |
| 32 | 2.41.0 |
| 33 | |