Message ID | 20220414205205.2264840-1-richard.purdie@linuxfoundation.org |
---|---|
State | Accepted, archived |
Commit | 3e85ce436699a2b5b7751f671e4a6eabb4ca5404 |
Headers | show |
Series | [v2] bluez5: Add fix for startup issues under systemd | expand |
Hi Richard, should I update your patch or only the Upstream-Status or will you prefer to do it yourself? Regards Stefan Am 14.04.2022 um 22:52 schrieb Richard Purdie via lists.openembedded.org: > The systemd bluetooth service failed to start. Add a workaround for this whilst the > final fix is discussed upstream, https://github.com/bluez/bluez/issues/329. > > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> > --- > > v2: Add ProtectSystem=strict > meta/recipes-connectivity/bluez5/bluez5.inc | 1 + > .../bluez5/bluez5/fix_service.patch | 30 +++++++++++++++++++ > 2 files changed, 31 insertions(+) > create mode 100644 meta/recipes-connectivity/bluez5/bluez5/fix_service.patch > > diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc > index 79d4645ca89..22dd07b3480 100644 > --- a/meta/recipes-connectivity/bluez5/bluez5.inc > +++ b/meta/recipes-connectivity/bluez5/bluez5.inc > @@ -53,6 +53,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ > ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ > file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ > file://0001-test-gatt-Fix-hung-issue.patch \ > + file://fix_service.patch \ > " > S = "${WORKDIR}/bluez-${PV}" > > diff --git a/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch b/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch > new file mode 100644 > index 00000000000..96fdf6b299c > --- /dev/null > +++ b/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch > @@ -0,0 +1,30 @@ > +The systemd bluetooth service failed to start because the /var/lib/bluetooth > +path of ReadWritePaths= is created by the bluetooth daemon itself. > + > +The commit systemd: Add more filesystem lockdown (442d211) add ReadWritePaths=/etc/bluetooth > +and ReadOnlyPaths=/var/lib/bluetooth options to the bluetooth systemd service. > +The existing ProtectSystem=full option mounts the /usr, the boot loader > +directories and /etc read-only. This means the two option are useless and could be removed. > + > +Upstream-Status: Submitted [https://github.com/bluez/bluez/issues/329] > + > +Index: bluez-5.64/src/bluetooth.service.in > +=================================================================== > +--- bluez-5.64.orig/src/bluetooth.service.in > ++++ bluez-5.64/src/bluetooth.service.in > +@@ -15,12 +15,12 @@ LimitNPROC=1 > + > + # Filesystem lockdown > + ProtectHome=true > +-ProtectSystem=full > ++ProtectSystem=strict > + PrivateTmp=true > + ProtectKernelTunables=true > + ProtectControlGroups=true > +-ReadWritePaths=@statedir@ > +-ReadOnlyPaths=@confdir@ > ++ConfigurationDirectory=bluetooth > ++StateDirectory=bluetooth > + > + # Execute Mappings > + MemoryDenyWriteExecute=true > > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#164413): https://lists.openembedded.org/g/openembedded-core/message/164413 > Mute This Topic: https://lists.openembedded.org/mt/90474022/6374899 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [stefan.herbrechtsmeier-oss@weidmueller.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Mon, 2022-04-25 at 11:17 +0200, Stefan Herbrechtsmeier wrote: > Hi Richard, > > should I update your patch or only the Upstream-Status or will you > prefer to do it yourself? Patches to update it very welcome! Cheers, Richard
diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc index 79d4645ca89..22dd07b3480 100644 --- a/meta/recipes-connectivity/bluez5/bluez5.inc +++ b/meta/recipes-connectivity/bluez5/bluez5.inc @@ -53,6 +53,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \ ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \ file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \ file://0001-test-gatt-Fix-hung-issue.patch \ + file://fix_service.patch \ " S = "${WORKDIR}/bluez-${PV}" diff --git a/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch b/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch new file mode 100644 index 00000000000..96fdf6b299c --- /dev/null +++ b/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch @@ -0,0 +1,30 @@ +The systemd bluetooth service failed to start because the /var/lib/bluetooth +path of ReadWritePaths= is created by the bluetooth daemon itself. + +The commit systemd: Add more filesystem lockdown (442d211) add ReadWritePaths=/etc/bluetooth +and ReadOnlyPaths=/var/lib/bluetooth options to the bluetooth systemd service. +The existing ProtectSystem=full option mounts the /usr, the boot loader +directories and /etc read-only. This means the two option are useless and could be removed. + +Upstream-Status: Submitted [https://github.com/bluez/bluez/issues/329] + +Index: bluez-5.64/src/bluetooth.service.in +=================================================================== +--- bluez-5.64.orig/src/bluetooth.service.in ++++ bluez-5.64/src/bluetooth.service.in +@@ -15,12 +15,12 @@ LimitNPROC=1 + + # Filesystem lockdown + ProtectHome=true +-ProtectSystem=full ++ProtectSystem=strict + PrivateTmp=true + ProtectKernelTunables=true + ProtectControlGroups=true +-ReadWritePaths=@statedir@ +-ReadOnlyPaths=@confdir@ ++ConfigurationDirectory=bluetooth ++StateDirectory=bluetooth + + # Execute Mappings + MemoryDenyWriteExecute=true
The systemd bluetooth service failed to start. Add a workaround for this whilst the final fix is discussed upstream, https://github.com/bluez/bluez/issues/329. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> --- v2: Add ProtectSystem=strict meta/recipes-connectivity/bluez5/bluez5.inc | 1 + .../bluez5/bluez5/fix_service.patch | 30 +++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-connectivity/bluez5/bluez5/fix_service.patch