Changeset 58ad7bc


Timestamp:
07/15/2022 03:59:17 PM (22 months ago)
Author:
Xi Ruoyao <xry111@…>
Branches:
11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, xry111/llvm18, xry111/soup3, xry111/xf86-video-removal
Children:
8b152256
Parents:
ddec2a8
Message:

bluez: for systemd, create /var/lib/bluetooth at installation

In the systemd unit file of bluez-5.64, there is:

ProtectSystem=full
ReadWritePaths=/var/lib/bluetooth

The combination of these two options makes systemd bind mount /
recursively and read-only to /run/systemd/unit-root in a new mount
namespace, then bind mount /var/lib/bluetooth to
/run/systemd/unit-root/var/lib/bluetooth, then run bluez in the chroot
at /run/systemd/unit-root in the separate namespace.

This helps to reduce the potential damage if a bluez security
vulnerability is exposed. But, if /var/lib/bluetooth does not exist,
systemd will fail to bind mount it and complain:

bluetooth.service: bluetooth.service: Failed to set up mount
namespacing: /run/systemd/unit-root/var/lib/bluetooth: No such
file or directory

As a simple workaround, just create this directory at installation. A
more elegant solution will be shipped in bluez-5.65:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=0905a06

Q: Why -m700?
A: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=edc69d2
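
The failure described in the commit message above can be detected before the service is started. The following is an added example, not part of this changeset or of bluez; `check_rw_paths`, `demo` and the ROOT argument are hypothetical names, and the unit file it reads is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: list the ReadWritePaths= entries of a unit file that are
# absent, i.e. the condition behind "Failed to set up mount namespacing".
# ROOT is a hypothetical prefix for checking a scratch tree; leave it empty
# to check the running system.
# Assumes unquoted paths without spaces or glob characters.
check_rw_paths() {
    unit=$1 root=${2:-} list='' rc=0
    while IFS= read -r line; do
        case $line in
            ReadWritePaths=)  list='' ;;   # empty assignment resets the list
            ReadWritePaths=*) list="$list ${line#ReadWritePaths=}" ;;
        esac
    done < "$unit"
    for p in $list; do
        case $p in
            -*) continue ;;                # "-" prefix: systemd tolerates absence
        esac
        p=${p#+}                           # "+" prefix: relative to RootDirectory=; checked under ROOT here
        if [ ! -e "$root$p" ]; then
            echo "missing: $p"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a scratch root and a unit carrying the two options quoted
# in the commit message, checked before and after the "install -dm700" step.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' '[Service]' 'ProtectSystem=full' \
        'ReadWritePaths=/var/lib/bluetooth' > "$tmp/bluetooth.service"
    before=$(check_rw_paths "$tmp/bluetooth.service" "$tmp")
    install -dm700 "$tmp/var/lib/bluetooth"
    after=$(check_rw_paths "$tmp/bluetooth.service" "$tmp")
    rm -rf "$tmp"
    echo "before=[$before] after=[$after]"
}
demo
```
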

File:
1 edited

  • general/sysutils/bluez.xml

    rddec2a8 r58ad7bc  
    199199<screen role="root"><userinput>make install &amp;&amp;
    200200ln -svf ../libexec/bluetooth/bluetoothd /usr/sbin</userinput></screen>
     201
     202    <!-- To editors: this will be unnecessary with bluez-5.65,
     203         please remove this part when bluez is updated. -->
     204    <para revision="systemd">
     205      Still as the &root; user, create the variable state information
     206      directory for this package:
     207    </para>
     208
     209<screen role="root" revision="systemd"><userinput>install -v -dm700 /var/lib/bluetooth</userinput></screen>
    201210
    202211    <para>
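Review bot: The editor comment at new lines 202-203 says this step becomes unnecessary with bluez-5.65 but gives no pointer to the upstream change, and the para at 204-207 does not tell the reader why the directory is needed or why it is created with mode 700; both reasons exist only in the commit message. Suggest citing the upstream commit in the comment so a later editor can confirm the workaround is obsolete before deleting it, and adding a clause to the para saying that the systemd unit's ReadWritePaths= setting requires /var/lib/bluetooth to exist before the service can start.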