On Mon, 2015-07-06 at 09:39 -0400, Josh Boyer wrote:
> On Mon, Jul 6, 2015 at 9:10 AM, Mark Wielaard <mjw@xxxxxxxxxx> wrote:
> > On Tue, 2015-06-23 at 16:56 +0200, Mark Wielaard wrote:
> >> On Tue, 2015-06-23 at 09:11 -0400, Josh Boyer wrote:
> >> > On Tue, Jun 23, 2015 at 9:09 AM, Mark Wielaard <mjw@xxxxxxxxxx> wrote:
> >> > >> We don't ship any other sysctl files in the kernel package.
> >> > >
> >> > > But we do ship other service and config files. Which is what this patch
> >> > > modeled after. The alternative fix for the kernel is to just disable
> >> > > yama completely. But then the admin cannot add any more yama based
> >> > > restrictions at all if they wanted.
> >> >
> >> > I suggested submitting this to the systemd package to sit with all the
> >> > rest of the sysctl options we ship in the distro. I wasn't saying
> >> > don't ship it. I was saying keep it with everything else.
> >>
> >> OK. I made a patch for the systemd package and attached it to a new bug:
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1234951
> >> Once that patch is applied to the f22 systemd package the kernel package
> >> should probably depend on the version in which it is fixed.
> >
> > The systemd maintainers decided they don't want to carry sysctl files
> > for the kernel. So I have attached an alternative patch to
>
> No, that isn't what they decided. They pushed a change to systemd
> that contained the sysctl file:
>
> commit 90aeeef683cc21ad43162f1e45a08d335776825e
> Author: Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx>
> Date: Sat Jun 27 14:00:14 2015 -0400
>
>     Add example file with yama config
>
> it simply lacks the value you desire.

It does have the desired value, but it is installed in _pkgdocdir, not
in _sysctldir. So it doesn't actually fix any package that is currently
broken.

> > https://bugzilla.redhat.com/show_bug.cgi?id=1209492 (and to this email)
> > to revert the yama config setting to the upstream default. This fixes
>
> That would make the sysctl file systemd just added on your request
> completely pointless and actually incorrect because changing the value
> wouldn't work at all.

Yes, that is a downside of the patch. You won't be able to switch the
default value anymore. But if we cannot do that by installing the sysctl
file in either the kernel or systemd the alternative would be to hunt
down and fix all individual packages that rely on ptrace working
normally. Which seems unattractive to me if the fix in the kernel is so
simple.

Cheers,

Mark