Re: [PATCH] Add 10-yama-ptrace.conf (rhbz 1209492)


 



On Tue, 2015-06-23 at 16:56 +0200, Mark Wielaard wrote:
> On Tue, 2015-06-23 at 09:11 -0400, Josh Boyer wrote:
> > On Tue, Jun 23, 2015 at 9:09 AM, Mark Wielaard <mjw@xxxxxxxxxx> wrote:
> > >> We don't ship any other sysctl files in the kernel package.
> > >
> > > But we do ship other service and config files. Which is what this patch
> > > modeled after. The alternative fix for the kernel is to just disable
> > > yama completely. But then the admin cannot add any more yama based
> > > restrictions at all if they wanted.
> > 
> > I suggested submitting this to the systemd package to sit with all the
> > rest of the sysctl options we ship in the distro.  I wasn't saying
> > don't ship it.  I was saying keep it with everything else.
> 
> OK. I made a patch for the systemd package and attached it to a new bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=1234951
> Once that patch is applied to the f22 systemd package the kernel package
> should probably depend on the version in which it is fixed.

The systemd maintainers decided they don't want to carry sysctl files
for the kernel. So I have attached an alternative patch to
https://bugzilla.redhat.com/show_bug.cgi?id=1209492 (and to this email)
to revert the yama config setting to the upstream default. This fixes
all packages relying on the default ptrace security settings. The patch
is against the f22 kernel git repo (but I saw mention of some alternate
git tree, so please let me know if I should regenerate it against
something else).

Thanks,

Mark
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
