diff --git a/SOURCES/0001-systemd-remove-unsupported-option-ControlGroup.patch b/SOURCES/0001-systemd-remove-unsupported-option-ControlGroup.patch new file mode 100644 index 0000000..29691a1 --- /dev/null +++ b/SOURCES/0001-systemd-remove-unsupported-option-ControlGroup.patch @@ -0,0 +1,26 @@ +From 28f252a04151a439b62bb929a3dd2d771f7b91dd Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Tue, 9 Sep 2014 12:46:17 +0200 +Subject: [PATCH] systemd: remove unsupported option ControlGroup= + +--- + rtkit-daemon.service.in | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/rtkit-daemon.service.in b/rtkit-daemon.service.in +index 3dfefa6..d0dc786 100644 +--- a/rtkit-daemon.service.in ++++ b/rtkit-daemon.service.in +@@ -27,9 +27,5 @@ CapabilityBoundingSet=CAP_SYS_NICE CAP_DAC_READ_SEARCH CAP_SYS_PTRACE CAP_SYS_CH + PrivateTmp=yes + PrivateNetwork=yes + +-# Work around the fact that the Linux currently doesn't assign any RT +-# budget to CPU control groups that have none configured explicitly +-ControlGroup=cpu:/ +- + [Install] + WantedBy=graphical.target +-- +1.8.3.1 + diff --git a/SPECS/rtkit.spec b/SPECS/rtkit.spec index d5dba85..8995b96 100644 --- a/SPECS/rtkit.spec +++ b/SPECS/rtkit.spec @@ -1,6 +1,8 @@ +%global _hardened_build 1 + Name: rtkit Version: 0.11 -Release: 8%{?dist} +Release: 10%{?dist} Summary: Realtime Policy and Watchdog Daemon Group: System Environment/Base # The daemon itself is GPLv3+, the reference implementation for the client BSD @@ -18,6 +20,7 @@ BuildRequires: autoconf automake libtool Source0: http://0pointer.de/public/%{name}-%{version}.tar.xz Patch1: 0001-build-Link-against-lrt.patch Patch2: 0001-SECURITY-Pass-uid-of-caller-to-polkit.patch +Patch3: 0001-systemd-remove-unsupported-option-ControlGroup.patch %description RealtimeKit is a D-Bus system service that changes the @@ -30,6 +33,7 @@ processes. %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 %build autoreconf -fvi @@ -79,6 +83,12 @@ dbus-send --system --type=method_call --dest=org.freedesktop.DBus / org.freedesk %{_mandir}/man8/* %changelog +* Thu Sep 11 2014 Michal Sekletar - 0.11-10 +- turn on hardening flags (#1092529) + +* Tue Sep 09 2014 Michal Sekletar - 0.11-9 +- remove unsupported option ControlGroup for systemd unit file (#1095607) + * Fri Jan 24 2014 Daniel Mach - 0.11-8 - Mass rebuild 2014-01-24