mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-03 02:10:04 +00:00
rsyslog: add disabled PACKAGECONFIG to drop capabilities
Add PACKAGECONFIG to enable dropping capabilities but leave it as disabled
to follow upstream and avoid a systemd issue described below.
rsyslog-8.2302 added a configure option to drop capabilities from
full to:
chown, dac_override, setgid, setuid, setpcap, net_bind_service,
net_admin, ipc_lock, sys_chroot, sys_admin, sys_resource, lease,
syslog, block_suspend
This works fine and passes ptests with sysvinit however
there is a bug when using systemd that breaks some tests:
https://github.com/rsyslog/rsyslog/issues/5091
Therefore only add a non-default PACKAGECONFIG option in keeping
with the rsyslog upstream.
One can install libcap-ng-bin to run pscap to see the capabilities.
Without this option the ptest result with systemd as init is:
Version | Passed | Failed | Skipped
8.2302 | 473 | 0 | 3
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Randy MacLeod
Khem Raj
@@ -76,6 +76,8 @@ PACKAGECONFIG[mmjsonparse] = "--enable-mmjsonparse,--disable-mmjsonparse,"
|
||||
PACKAGECONFIG[mysql] = "--enable-mysql,--disable-mysql,mysql5,"
|
||||
PACKAGECONFIG[postgresql] = "--enable-pgsql,--disable-pgsql,postgresql,"
|
||||
PACKAGECONFIG[libdbi] = "--enable-libdbi,--disable-libdbi,libdbi,"
|
||||
# For libcap-ng, see commit log and https://github.com/rsyslog/rsyslog/issues/5091
|
||||
PACKAGECONFIG[libcap-ng] = "--enable-libcap-ng,--disable-libcap-ng,libcap-ng,"
|
||||
PACKAGECONFIG[mail] = "--enable-mail,--disable-mail,,"
|
||||
PACKAGECONFIG[valgrind] = ",--without-valgrind-testbench,valgrind,"
|
||||
PACKAGECONFIG[imhttp] = "--enable-imhttp,--disable-imhttp,civetweb,"
|
||||
|
||||
Reference in New Issue
Block a user