nixpkgs/pkgs/os-specific/linux/systemd/0010-Fix-CPUShares-configuration-option.patch
Eelco Dolstra e65ff3b72a systemd: Prevent privilege escalation via polkit
Cherry-picked from upstream.  Also applied a fix for the CPUShares
configuration option while I'm at it.

CVE-2013-4327
2013-09-30 13:30:15 +02:00

27 lines
1.3 KiB
Diff

From 687e657cd320cb4d4ae442e3529ae9571108bb6e Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Fri, 24 May 2013 13:34:53 -0400
Subject: [PATCH 10/11] Fix CPUShares configuration option
This fixes the error message "Unknown or unsupported cgroup attribute
CPUShares".
---
src/core/cgroup-semantics.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/cgroup-semantics.c b/src/core/cgroup-semantics.c
index 82b02bb..7df9d01 100644
--- a/src/core/cgroup-semantics.c
+++ b/src/core/cgroup-semantics.c
@@ -255,7 +255,7 @@ static int map_blkio(const CGroupSemantics *s, const char *value, char **ret) {
}
static const CGroupSemantics semantics[] = {
- { "cpu", "cpu.shares", "CPUShare", false, parse_cpu_shares, NULL, NULL },
+ { "cpu", "cpu.shares", "CPUShares", false, parse_cpu_shares, NULL, NULL },
{ "memory", "memory.soft_limit_in_bytes", "MemorySoftLimit", false, parse_memory_limit, NULL, NULL },
{ "memory", "memory.limit_in_bytes", "MemoryLimit", false, parse_memory_limit, NULL, NULL },
{ "devices", "devices.allow", "DeviceAllow", true, parse_device, map_device, NULL },
--
1.8.3.4