HBSD: enable pid randomization in PAX_HARDENING case
This commit effectively reverts the following commit:

    HBSD: Use HARDEN_RANDOMPID for hardening kern.randompid

    Setting the kern.randompid sysctl node, as we do by default with the
    PAX_HARDENING kernel flag, can cause Poudriere's use of `pwait` to hang
    indefinitely. So that users who want to build their own packages using
    Poudriere on HardenedBSD, provide a separate option for hardening PID
    randomization. Add the option to the HARDENEDBSD kernel.

    There is a candidate patch for `pwait` in upstream FreeBSD. However,
    that should be treated separately.

    Signed-off-by:  Shawn Webb <[email protected]>
    Sponsored-by:   SoldierX
    github-issue:   #263
    See-also:       https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218598
    MFC-to:         10-STABLE
    MFC-to:         11-STABLE

Instead of working around user-space tool errors from the kernel, pull in
the proper fix to pwait...

At the same time, this commit removes the last non-standard hardening knob.

And if someone wants to disable pid randomization, then they are still able
to do it by specifying ``hardening.randomize_pids=0`` in loader.conf.

MFC-to: 10-STABLE
MFC-to: 11-STABLE
Signed-off-by: Oliver Pinter <[email protected]>
(cherry picked from commit baf6bf5b16681f98941f25302074ff64df89e076)
Signed-off-by: Oliver Pinter <[email protected]>
(cherry picked from commit 9247a9f)
Signed-off-by: Oliver Pinter <[email protected]>
opntr committed Sep 23, 2017
1 parent c694b80 commit 5c0bfdf
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions sys/kern/kern_fork.c
Expand Up @@ -198,7 +198,10 @@ SYSCTL_INT(_kern, OID_AUTO, lastpid, CTLFLAG_RD, &lastpid, 0,
*/
int randompid = 0;

#ifndef PAX_HARDENING
#ifdef PAX_HARDENING
SYSCTL_INT(_kern, OID_AUTO, randompid, CTLFLAG_RD, &randompid, 0,
"Random PID modulus");
#else
static int
sysctl_kern_randompid(SYSCTL_HANDLER_ARGS)
{
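Review bot: The `SYSCTL_INT` under `#ifdef PAX_HARDENING` exports `randompid` with `CTLFLAG_RD`, while the context line above still reads `int randompid = 0;`, so nothing visible in this branch ever gives it a non-zero value. Please add a short comment above the read-only node naming where the value is set in the hardened case (the commit message points at `hardening.randomize_pids`), so a reader of kern_fork.c does not conclude that a read-only 0 means randomization is off.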
Expand All @@ -225,9 +228,6 @@ sysctl_kern_randompid(SYSCTL_HANDLER_ARGS)

SYSCTL_PROC(_kern, OID_AUTO, randompid, CTLTYPE_INT|CTLFLAG_RW,
0, 0, sysctl_kern_randompid, "I", "Random PID modulus");
#else
SYSCTL_INT(_kern, OID_AUTO, randompid, CTLFLAG_RD, &randompid, 0,
"Random PID modulus");
#endif

static int
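Review bot: The `#else` / `SYSCTL_INT(... CTLFLAG_RD ...)` lines dropped here are the same lines placed under `#ifdef PAX_HARDENING` in the previous hunk, and the guard only flips from `#ifndef` to `#ifdef`, so taken together the two hunks look like a swap of the preprocessor branches with each configuration compiling the same declaration as before. If the reordering is the whole change to this file, say so in the commit message, since the subject line promises a behaviour change; also consider tagging the remaining `#endif` as `/* PAX_HARDENING */` now that the `#else` branch spans the whole handler.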