From d950fcd511c79193ff1ed9a994826d6bb61e77c1 Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Tue, 4 Aug 2015 12:20:20 +0200
Subject: spec: Provide default-yama-scope.

When yama is enabled in the kernel it might be used to filter any user space access which requires PTRACE_MODE_ATTACH like ptrace attach, access to /proc/PID/{mem,personality,stack,syscall}, and the syscalls process_vm_readv and process_vm_writev which are used for interprocess services, communication and introspection (like synchronisation, signaling, debugging, tracing and profiling) of processes. These are precisely the things that libdw dwfl and ebl backends rely on. So make sure they don't mysteriously fail in such cases by providing the default yama scope sysctl value. This is implemented as a separate subpackage that just provides this functionality so other packages that don't directly rely on elfutils-libs can also just Requires: default-yama-scope to function properly.
https://bugzilla.redhat.com/show_bug.cgi?id=1209492#c69
Signed-off-by: Mark Wielaard
---
 config/elfutils.spec.in | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
(limited to 'config/elfutils.spec.in')
diff --git a/config/elfutils.spec.in b/config/elfutils.spec.in
index 5407f1ab..e5f6e29c 100644
--- a/config/elfutils.spec.in
+++ b/config/elfutils.spec.in
@@ -10,6 +10,7 @@ Obsoletes: libelf libelf-devel
 Requires: elfutils-libelf = %{version}-%{release}
 Requires: glibc >= 2.7
 Requires: libstdc++
+Requires: default-yama-scope
 # ExcludeArch: xxx
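Review bot: The added `Requires: default-yama-scope` turns a host-wide kernel sysctl change into a side effect of installing elfutils, and nothing at the dependency says so. The requirement is unversioned and resolved through a bare virtual `Provides:`, so any package that carries that name satisfies it, whatever value it ships. I would put a comment directly above the line, e.g. `# Pulls in the sysctl drop-in that sets the Yama attach scope system-wide (see the default-yama-scope subpackage)`. The package preamble this line belongs to starts outside the hunk.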
@@ -97,6 +98,22 @@ Conflicts: libelf-devel
 The elfutils-libelf-static package contains the static archive for libelf.
+%package default-yama-scope
+Summary: Default yama attach scope sysctl setting
+Group: Development/Tools
+License: GPLv2+ or LGPLv3+
+Provides: default-yama-scope
+BuildArch: noarch
+
+%description default-yama-scope
+Yama sysctl setting to enable default attach scope settings
+enabling programs to use ptrace attach, access to
+/proc/PID/{mem,personality,stack,syscall}, and the syscalls
+process_vm_readv and process_vm_writev which are used for
+interprocess services, communication and introspection
+(like synchronisation, signaling, debugging, tracing and
+profiling) of processes.
+
 %prep
 %setup -q
@@ -121,6 +138,8 @@ chmod +x ${RPM_BUILD_ROOT}%{_prefix}/%{_lib}/elfutils/lib*.so*
 rm -f .%{_libdir}/libasm.a
 }
+install -Dm0644 config/10-default-yama-scope.conf ${RPM_BUILD_ROOT}%{_sysctldir}/10-default-yama-scope.conf
+
 %check
 make check
@@ -135,6 +154,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %postun libelf -p /sbin/ldconfig
+%post default-yama-scope
+%sysctl_apply 10-default-yama-scope.conf
+
 %files
 %defattr(-,root,root)
 %doc COPYING COPYING-GPLV2 COPYING-LGPLV3 README TODO CONTRIBUTING
@@ -197,6 +219,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %files libelf-devel-static
 %{_libdir}/libelf.a
+%files default-yama-scope
+%config(noreplace) %{_sysctldir}/10-default-yama-scope.conf
+
 %changelog
 * Fri Jun 19 2015 Mark Wielaard 0.163-1
 - Bug fixes only, no new features.
--
cgit v1.2.1
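Review bot: The new `%description default-yama-scope` never names the sysctl key or the value it sets, so an administrator reading the package metadata cannot tell which ptrace policy this package installs. The value lives in `config/10-default-yama-scope.conf`, which is not part of this diff; if it selects the least restrictive scope, the description should say that it relaxes the Yama attach restriction for every process on the host. A closing sentence such as `Sets kernel.yama.ptrace_scope system-wide; a later-sorted file in /etc/sysctl.d overrides it.` would cover it.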
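Review bot: The `install -Dm0644` line depends on `%{_sysctldir}` being defined at build time, and no `BuildRequires` for the package that ships that macro is visible in these hunks. rpm leaves an undefined macro unexpanded, so the drop-in would presumably land under a literal `%{_sysctldir}` directory and never be read. The `%sysctl_apply` call in the `%post` hunk and the `%files default-yama-scope` entry share the same dependency. Either add the build requirement or give the macro a fallback near the top of the spec, `%{!?_sysctldir:%global _sysctldir %{_prefix}/lib/sysctl.d}`. The `%install` section this line sits in starts and ends outside the hunk.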
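Review bot: `%sysctl_apply 10-default-yama-scope.conf` in `%post` applies only the named file, as far as the macro's usual definition goes. On a host where a later-sorted drop-in sets a stricter `kernel.yama.ptrace_scope`, every install or upgrade of this subpackage would then put the running kernel back on this package's value until the next reboot or full sysctl reload. That is a quiet runtime downgrade of a hardening setting, made by a scriptlet. I would say so in a comment above the scriptlet, or re-apply the complete sysctl configuration rather than the single file so that precedence is kept. There is also no matching `%postun`, so the value stays active after the subpackage is removed.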
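Review bot: Marking the drop-in `%config(noreplace)` in `%files default-yama-scope` means a locally edited copy survives upgrades, so a later package that changes this security-relevant default would not take effect on hosts where the file was touched. If `%{_sysctldir}` is the vendor directory, local policy belongs in a separate override file under `/etc/sysctl.d`, not in an edit to this one. I would either drop the `%config(noreplace)` marker or add a comment such as `# vendor default; override via /etc/sysctl.d, do not edit in place`.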