diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index b12c11802a82..4fea89c11c0c 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -1793,9 +1793,6 @@ endif
 if !HAVE_SYSTEMD_SYSTEM_CALL_FILTER
 $(AM_V_GEN)perl -ni -e 'print unless /^SystemCallFilter/' $@
 endif
-if !HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE
- $(AM_V_GEN)perl -ni -e 'print unless /^MemoryDenyWriteExecute/' $@
-endif
 if !HAVE_SYSTEMD_PROTECT_PROC
 $(AM_V_GEN)perl -ni -e 'print unless /^ProtectProc/' $@
 endif
diff --git a/pdns/dnsdistdist/Makefile.am b/pdns/dnsdistdist/Makefile.am
index 43d5cc165913..c3ed1f158072 100644
--- a/pdns/dnsdistdist/Makefile.am
+++ b/pdns/dnsdistdist/Makefile.am
@@ -542,9 +542,6 @@ endif
 if !HAVE_SYSTEMD_PROTECT_PROC
 $(AM_V_GEN)perl -ni -e 'print unless /^ProtectProc/' $@
 endif
-if !HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE
- $(AM_V_GEN)perl -ni -e 'print unless /^MemoryDenyWriteExecute/' $@
-endif
 if !HAVE_SYSTEMD_PRIVATE_IPC
 $(AM_V_GEN)perl -ni -e 'print unless /^PrivateIPC/' $@
 endif
diff --git a/pdns/dnsdistdist/dnsdist.service.in b/pdns/dnsdistdist/dnsdist.service.in
index 73d78fd02869..eb75e7632a51 100644
--- a/pdns/dnsdistdist/dnsdist.service.in
+++ b/pdns/dnsdistdist/dnsdist.service.in
@@ -51,10 +51,11 @@ RestrictSUIDSGID=true
 SystemCallArchitectures=native
 SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete
 ProtectProc=invisible
-MemoryDenyWriteExecute=true
 PrivateIPC=true
 RemoveIPC=true
 DevicePolicy=closed
+# Not enabled by default because it does not play well with LuaJIT
+# MemoryDenyWriteExecute=true
 [Install]
 WantedBy=multi-user.target
diff --git a/pdns/ixfrdist.service.in b/pdns/ixfrdist.service.in
index b69618abe386..a1b07220a3f1 100644
--- a/pdns/ixfrdist.service.in
+++ b/pdns/ixfrdist.service.in
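Review bot: In pdns/dnsdistdist/dnsdist.service.in the `MemoryDenyWriteExecute=true` line is commented out for every build, so the shipped unit loses its restriction on writable-and-executable memory even where LuaJIT is not in use; the pdns.service.in and pdns-recursor.service.in hunks do the same. If LuaJIT is a build-time choice (not visible in this diff), the directive could stay enabled and be stripped only for LuaJIT builds, in the style of the `HAVE_SYSTEMD_*` conditionals in the Makefile.am files. At minimum the comment should say what is given up and when it can be turned back on, for example `# Blocks writable+executable memory mappings; disabled by default because LuaJIT must make generated code executable at run time.` followed by `# Safe to enable from a drop-in when the binary is not linked against LuaJIT.`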
@@ -35,10 +35,10 @@ RestrictSUIDSGID=true
 SystemCallArchitectures=native
 SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete
 ProtectProc=invisible
-MemoryDenyWriteExecute=true
 PrivateIPC=true
 RemoveIPC=true
 DevicePolicy=closed
+MemoryDenyWriteExecute=true
 [Install]
 WantedBy=multi-user.target
diff --git a/pdns/pdns.service.in b/pdns/pdns.service.in
index d073ec3d5eb3..1d23347b4d28 100644
--- a/pdns/pdns.service.in
+++ b/pdns/pdns.service.in
@@ -41,10 +41,11 @@ RestrictSUIDSGID=true
 SystemCallArchitectures=native
 SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete
 ProtectProc=invisible
-MemoryDenyWriteExecute=true
 PrivateIPC=true
 RemoveIPC=true
 DevicePolicy=closed
+# Not enabled by default because it does not play well with LuaJIT
+# MemoryDenyWriteExecute=true
 [Install]
 WantedBy=multi-user.target
diff --git a/pdns/recursordist/Makefile.am b/pdns/recursordist/Makefile.am
index cde922ed8fcf..629976e0d15a 100644
--- a/pdns/recursordist/Makefile.am
+++ b/pdns/recursordist/Makefile.am
@@ -624,9 +624,6 @@ endif
 if !HAVE_SYSTEMD_PROTECT_PROC
 $(AM_V_GEN)perl -ni -e 'print unless /^ProtectProc/' $@
 endif
-if !HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE
- $(AM_V_GEN)perl -ni -e 'print unless /^MemoryDenyWriteExecute/' $@
-endif
 if !HAVE_SYSTEMD_PRIVATE_IPC
 $(AM_V_GEN)perl -ni -e 'print unless /^PrivateIPC/' $@
 endif
diff --git a/pdns/recursordist/pdns-recursor.service.in b/pdns/recursordist/pdns-recursor.service.in
index dc88bbfda706..ddb923672017 100644
--- a/pdns/recursordist/pdns-recursor.service.in
+++ b/pdns/recursordist/pdns-recursor.service.in
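Review bot: pdns/ixfrdist.service.in still ships `MemoryDenyWriteExecute=true` as an active directive, yet the same commit deletes the `if !HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE` rule in pdns/Makefile.am that removed the line when the build host's systemd lacked the setting. If ixfrdist.service is generated by that Makefile rule (its target is outside the hunk), the directive now reaches older systemd versions unfiltered, where it is likely to be logged as an unknown key and ignored, so the unit runs without the protection its file appears to grant. Either keep the conditional in pdns/Makefile.am for as long as a unit built there enables the directive, or state in the commit message that the minimum supported systemd makes the check unnecessary.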
@@ -42,10 +42,11 @@ RestrictSUIDSGID=true
 SystemCallArchitectures=native
 SystemCallFilter=~ @clock @debug @module @mount @raw-io @reboot @swap @cpu-emulation @obsolete
 ProtectProc=invisible
-MemoryDenyWriteExecute=true
 PrivateIPC=true
 RemoveIPC=true
 DevicePolicy=closed
+# Not enabled by default because it does not play well with LuaJIT
+# MemoryDenyWriteExecute=true
 [Install]
 WantedBy=multi-user.target