| Message ID | 20220415223049.1155838-3-luiz.dentz@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v2,BlueZ,1/3] storage: Add support for STATE_DIRECTORY environment variable | expand |
On Fri, 2022-04-15 at 15:30 -0700, Luiz Augusto von Dentz wrote: > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > This makes use of StateDirectory[1] and ConfigurationDirectory[1] to > inform systemd what those paths are used for instead of using > ReadWritePaths and ReadOnlyPaths which can lead to issues. > > Fixes: https://github.com/bluez/bluez/issues/329 FYI, my reviews on those patches are at: https://github.com/bluez/bluez/issues/329#issuecomment-1102459104 Cheers
Hi Bastien, On Tue, Apr 19, 2022 at 3:33 AM Bastien Nocera <hadess@hadess.net> wrote: > > On Fri, 2022-04-15 at 15:30 -0700, Luiz Augusto von Dentz wrote: > > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > > > This makes use of StateDirectory[1] and ConfigurationDirectory[1] to > > inform systemd what those paths are used for instead of using > > ReadWritePaths and ReadOnlyPaths which can lead to issues. > > > > Fixes: https://github.com/bluez/bluez/issues/329 > > FYI, my reviews on those patches are at: > https://github.com/bluez/bluez/issues/329#issuecomment-1102459104 > > Cheers Ive sent a couple of patches addressing them, please have a look.
On Tue, 2022-04-19 at 11:40 -0700, Luiz Augusto von Dentz wrote: > Hi Bastien, > > On Tue, Apr 19, 2022 at 3:33 AM Bastien Nocera <hadess@hadess.net> > wrote: > > > > On Fri, 2022-04-15 at 15:30 -0700, Luiz Augusto von Dentz wrote: > > > From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> > > > > > > This makes use of StateDirectory[1] and ConfigurationDirectory[1] > > > to > > > inform systemd what those paths are used for instead of using > > > ReadWritePaths and ReadOnlyPaths which can lead to issues. > > > > > > Fixes: https://github.com/bluez/bluez/issues/329 > > > > FYI, my reviews on those patches are at: > > https://github.com/bluez/bluez/issues/329#issuecomment-1102459104 > > > > Cheers > > Ive sent a couple of patches addressing them, please have a look. Patches look good, thanks!
diff --git a/src/bluetooth.service.in b/src/bluetooth.service.in index f18801866..4d39ad49d 100644 --- a/src/bluetooth.service.in +++ b/src/bluetooth.service.in @@ -15,12 +15,12 @@ LimitNPROC=1 # Filesystem lockdown ProtectHome=true -ProtectSystem=full +ProtectSystem=strict PrivateTmp=true ProtectKernelTunables=true ProtectControlGroups=true -ReadWritePaths=@statedir@ -ReadOnlyPaths=@confdir@ +StateDirectory=bluetooth +ConfigurationDirectory=bluetooth # Execute Mappings MemoryDenyWriteExecute=true
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> This makes use of StateDirectory[1] and ConfigurationDirectory[1] to inform systemd what those paths are used for instead of using ReadWritePaths and ReadOnlyPaths which can lead to issues. Fixes: https://github.com/bluez/bluez/issues/329 [1] https://www.freedesktop.org/software/systemd/man/systemd.exec.html --- src/bluetooth.service.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)