diff mbox series

[v2,BlueZ,3/3] build: Make use of StateDirectory and ConfigurationDirectory

Message ID 20220415223049.1155838-3-luiz.dentz@gmail.com
State New
Headers show
Series [v2,BlueZ,1/3] storage: Add support for STATE_DIRECTORY environment variable | expand

Commit Message

Luiz Augusto von Dentz April 15, 2022, 10:30 p.m. UTC 
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>

This makes use of StateDirectory[1] and ConfigurationDirectory[1] to
inform systemd what those paths are used for instead of using
ReadWritePaths and ReadOnlyPaths which can lead to issues.

Fixes: https://github.com/bluez/bluez/issues/329

[1] https://www.freedesktop.org/software/systemd/man/systemd.exec.html
---
 src/bluetooth.service.in | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Bastien Nocera April 19, 2022, 10:33 a.m. UTC | #1 
On Fri, 2022-04-15 at 15:30 -0700, Luiz Augusto von Dentz wrote:
> From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> 
> This makes use of StateDirectory[1] and ConfigurationDirectory[1] to
> inform systemd what those paths are used for instead of using
> ReadWritePaths and ReadOnlyPaths which can lead to issues.
> 
> Fixes: https://github.com/bluez/bluez/issues/329

FYI, my reviews on those patches are at:
https://github.com/bluez/bluez/issues/329#issuecomment-1102459104

Cheers
Luiz Augusto von Dentz April 19, 2022, 6:40 p.m. UTC | #2 
Hi Bastien,

On Tue, Apr 19, 2022 at 3:33 AM Bastien Nocera <hadess@hadess.net> wrote:
>
> On Fri, 2022-04-15 at 15:30 -0700, Luiz Augusto von Dentz wrote:
> > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> >
> > This makes use of StateDirectory[1] and ConfigurationDirectory[1] to
> > inform systemd what those paths are used for instead of using
> > ReadWritePaths and ReadOnlyPaths which can lead to issues.
> >
> > Fixes: https://github.com/bluez/bluez/issues/329
>
> FYI, my reviews on those patches are at:
> https://github.com/bluez/bluez/issues/329#issuecomment-1102459104
>
> Cheers

Ive sent a couple of patches addressing them, please have a look.
Bastien Nocera April 20, 2022, 8:54 a.m. UTC | #3 
On Tue, 2022-04-19 at 11:40 -0700, Luiz Augusto von Dentz wrote:
> Hi Bastien,
> 
> On Tue, Apr 19, 2022 at 3:33 AM Bastien Nocera <hadess@hadess.net>
> wrote:
> > 
> > On Fri, 2022-04-15 at 15:30 -0700, Luiz Augusto von Dentz wrote:
> > > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
> > > 
> > > This makes use of StateDirectory[1] and ConfigurationDirectory[1]
> > > to
> > > inform systemd what those paths are used for instead of using
> > > ReadWritePaths and ReadOnlyPaths which can lead to issues.
> > > 
> > > Fixes: https://github.com/bluez/bluez/issues/329
> > 
> > FYI, my reviews on those patches are at:
> > https://github.com/bluez/bluez/issues/329#issuecomment-1102459104
> > 
> > Cheers
> 
> Ive sent a couple of patches addressing them, please have a look.

Patches look good, thanks!
diff mbox series

Patch

diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in
index f18801866..4d39ad49d 100644
--- a/src/bluetooth.service.in
+++ b/src/bluetooth.service.in
@@ -15,12 +15,12 @@  LimitNPROC=1
 
 # Filesystem lockdown
 ProtectHome=true
-ProtectSystem=full
+ProtectSystem=strict
 PrivateTmp=true
 ProtectKernelTunables=true
 ProtectControlGroups=true
-ReadWritePaths=@statedir@
-ReadOnlyPaths=@confdir@
+StateDirectory=bluetooth
+ConfigurationDirectory=bluetooth
 
 # Execute Mappings
 MemoryDenyWriteExecute=true