HBSD: enable pid randomization in PAX_HARDENING case
This commit effectively reverts the following commit:

HBSD: Use HARDEN_RANDOMPID for hardening kern.randompid

Setting the kern.randompid sysctl node, as we do by default with the PAX_HARDENING kernel flag, can cause Poudriere's use of `pwait` to hang indefinitely. So that users who want to build their own packages using Poudriere on HardenedBSD, provide a separate option for hardening PID randomization. Add the option to the HARDENEDBSD kernel.

There is a candidate patch for `pwait` in upstream FreeBSD. However, that should be treated separately.

Signed-off-by: Shawn Webb <[email protected]>
Sponsored-by: SoldierX
github-issue: #263
See-also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218598
MFC-to: 10-STABLE
MFC-to: 11-STABLE

Instead of working around user-space tools' errors from the kernel, pull in the proper fix to pwait...

At the same time, this commit removes the last non-standard hardening knob. And if someone wants to disable pid randomization, then they are still able to do it by specifying ``hardening.randomize_pids=0`` in loader.conf.

MFC-to: 10-STABLE
MFC-to: 11-STABLE
Signed-off-by: Oliver Pinter <[email protected]>
(cherry picked from commit baf6bf5b16681f98941f25302074ff64df89e076)
Signed-off-by: Oliver Pinter <[email protected]>
(cherry picked from commit 9247a9f)
Signed-off-by: Oliver Pinter <[email protected]>