From 01ff44aeedce5dba803ea7ae761fa06615b6e0af Mon Sep 17 00:00:00 2001
From: Honggang Li <honli@redhat.com>
Date: Wed, 27 Dec 2017 11:44:33 +0800
Subject: [PATCH] srp_daemon: Remove unsupported systemd configurations
Note: This is rhel-7.5 specific patch.
+--------------------------+---------------+
| lvalue | systemd |
+--------------------------+---------------+
| MemoryDenyWriteExecute | 231 |
| ProtectControlGroups | 232 |
| ProtectKernelModules | 232 |
| RestrictRealtime | 231 |
+--------------------------+---------------+
RHEL-7.5 includes systemd-219-51 which does not support
those configuration yet, so remove them.
Signed-off-by: Honggang Li <honli@redhat.com>
---
srp_daemon/srp_daemon.service.in | 3 ---
srp_daemon/srp_daemon_port@.service.in | 4 ----
2 files changed, 7 deletions(-)
diff --git a/srp_daemon/srp_daemon.service.in b/srp_daemon/srp_daemon.service.in
index 93e44425..b8bea643 100644
--- a/srp_daemon/srp_daemon.service.in
+++ b/srp_daemon/srp_daemon.service.in
@@ -10,11 +10,8 @@ Before=remote-fs-pre.target
Type=oneshot
RemainAfterExit=yes
ExecStart=@CMAKE_INSTALL_FULL_LIBEXECDIR@/srp_daemon/start_on_all_ports
-MemoryDenyWriteExecute=yes
PrivateTmp=yes
ProtectHome=yes
-ProtectKernelModules=yes
-RestrictRealtime=yes
[Install]
WantedBy=remote-fs-pre.target
diff --git a/srp_daemon/srp_daemon_port@.service.in b/srp_daemon/srp_daemon_port@.service.in
index 3d5a11e8..7516e8a2 100644
--- a/srp_daemon/srp_daemon_port@.service.in
+++ b/srp_daemon/srp_daemon_port@.service.in
@@ -24,14 +24,10 @@ BindsTo=srp_daemon.service
[Service]
Type=simple
ExecStart=@CMAKE_INSTALL_FULL_SBINDIR@/srp_daemon --systemd -e -c -n -j %I -R 60
-MemoryDenyWriteExecute=yes
PrivateNetwork=yes
PrivateTmp=yes
-ProtectControlGroups=yes
ProtectHome=yes
-ProtectKernelModules=yes
ProtectSystem=full
-RestrictRealtime=yes
SystemCallFilter=~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io
[Install]
--
2.15.GIT