diff options
| author | Mark Wielaard <mjw@redhat.com> | 2015-08-04 12:20:20 +0200 |
|---|---|---|
| committer | Mark Wielaard <mjw@redhat.com> | 2015-08-04 15:29:58 +0200 |
| commit | d950fcd511c79193ff1ed9a994826d6bb61e77c1 (patch) | |
| tree | f455f4f98792916f869134e4ab3c7ea84250513e /config/elfutils.spec.in | |
| parent | f9fc50c3eced243c0648fb0fbfe2c9877c25e1e4 (diff) | |
| download | elfutils-d950fcd511c79193ff1ed9a994826d6bb61e77c1.tar.gz | |
spec: Provide default-yama-scope.
When yama is enabled in the kernel it might be used to filter any user
space access which requires PTRACE_MODE_ATTACH like ptrace attach, access
to /proc/PID/{mem,personality,stack,syscall}, and the syscalls
process_vm_readv and process_vm_writev which are used for interprocess
services, communication and introspection (like synchronisation, signaling,
debugging, tracing and profiling) of processes.
These are precisely the things that libdw dwfl and ebl backends rely on.
So make sure they don't mysteriously fail in such cases by providing the
default yama scope sysctl value.
This is implemented as a separate subpackage that just provides this
functionality so other packages that don't directly rely on elfutils-libs
can also just Requires: default-yama-scope to function properly.
https://bugzilla.redhat.com/show_bug.cgi?id=1209492#c69
Signed-off-by: Mark Wielaard <mjw@redhat.com>
Diffstat (limited to 'config/elfutils.spec.in')
| -rw-r--r-- | config/elfutils.spec.in | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/config/elfutils.spec.in b/config/elfutils.spec.in index 5407f1ab..e5f6e29c 100644 --- a/config/elfutils.spec.in +++ b/config/elfutils.spec.in @@ -10,6 +10,7 @@ Obsoletes: libelf libelf-devel Requires: elfutils-libelf = %{version}-%{release} Requires: glibc >= 2.7 Requires: libstdc++ +Requires: default-yama-scope # ExcludeArch: xxx @@ -97,6 +98,22 @@ Conflicts: libelf-devel The elfutils-libelf-static package contains the static archive for libelf. +%package default-yama-scope +Summary: Default yama attach scope sysctl setting +Group: Development/Tools +License: GPLv2+ or LGPLv3+ +Provides: default-yama-scope +BuildArch: noarch + +%description default-yama-scope +Yama sysctl setting to enable default attach scope settings +enabling programs to use ptrace attach, access to +/proc/PID/{mem,personality,stack,syscall}, and the syscalls +process_vm_readv and process_vm_writev which are used for +interprocess services, communication and introspection +(like synchronisation, signaling, debugging, tracing and +profiling) of processes. + %prep %setup -q @@ -121,6 +138,8 @@ chmod +x ${RPM_BUILD_ROOT}%{_prefix}/%{_lib}/elfutils/lib*.so* rm -f .%{_libdir}/libasm.a } +install -Dm0644 config/10-default-yama-scope.conf ${RPM_BUILD_ROOT}%{_sysctldir}/10-default-yama-scope.conf + %check make check @@ -135,6 +154,9 @@ rm -rf ${RPM_BUILD_ROOT} %postun libelf -p /sbin/ldconfig +%post default-yama-scope +%sysctl_apply 10-default-yama-scope.conf + %files %defattr(-,root,root) %doc COPYING COPYING-GPLV2 COPYING-LGPLV3 README TODO CONTRIBUTING @@ -197,6 +219,9 @@ rm -rf ${RPM_BUILD_ROOT} %files libelf-devel-static %{_libdir}/libelf.a +%files default-yama-scope +%config(noreplace) %{_sysctldir}/10-default-yama-scope.conf + %changelog * Fri Jun 19 2015 Mark Wielaard <mjw@redhat.com> 0.163-1 - Bug fixes only, no new features. |