| Message ID | 20220126113638.1706785-1-hadess@hadess.net (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Luiz Von Dentz |
| Headers | show |
| Series | [1/4] build: Always define confdir and statedir | expand |
| Context | Check | Description |
|---|---|---|
| tedd_an/checkpatch | success | Checkpatch PASS |
| tedd_an/gitlint | success | Gitlint PASS |
| tedd_an/setupell | success | Setup ELL PASS |
| tedd_an/buildprep | success | Build Prep PASS |
| tedd_an/build | success | Build Configuration PASS |
| tedd_an/makecheck | success | Make Check PASS |
| tedd_an/makecheckvalgrind | success | Make Check PASS |
| tedd_an/makedistcheck | success | Make Distcheck PASS |
| tedd_an/build_extell | success | Build External ELL PASS |
| tedd_an/build_extell_make | success | Build Make with External ELL PASS |
| tedd_an/incremental_build | success | Pass |
Some patches from 2017 to use systemd lockdown. They've been used for 5 years by Fedora and RHEL. Cheers On Wed, 2022-01-26 at 12:36 +0100, Bastien Nocera wrote: > As we will need those paths to lock down on them. > --- > Makefile.am | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/Makefile.am b/Makefile.am > index e391d7ae8..2ba25e687 100644 > --- a/Makefile.am > +++ b/Makefile.am > @@ -28,14 +28,14 @@ AM_CFLAGS = $(MISC_CFLAGS) $(WARNING_CFLAGS) > $(UDEV_CFLAGS) $(LIBEBOOK_CFLAGS) \ > $(LIBEDATASERVER_CFLAGS) > $(ell_cflags) > AM_LDFLAGS = $(MISC_LDFLAGS) > > +confdir = $(sysconfdir)/bluetooth > +statedir = $(localstatedir)/lib/bluetooth > + > if DATAFILES > dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d > dbus_DATA = src/bluetooth.conf > > -confdir = $(sysconfdir)/bluetooth > conf_DATA = > - > -statedir = $(localstatedir)/lib/bluetooth > state_DATA = > endif >
Hi Bastien, > Some patches from 2017 to use systemd lockdown. They've been used for 5 > years by Fedora and RHEL. > >> As we will need those paths to lock down on them. >> --- >> Makefile.am | 6 +++--- >> 1 file changed, 3 insertions(+), 3 deletions(-) >> >> diff --git a/Makefile.am b/Makefile.am >> index e391d7ae8..2ba25e687 100644 >> --- a/Makefile.am >> +++ b/Makefile.am >> @@ -28,14 +28,14 @@ AM_CFLAGS = $(MISC_CFLAGS) $(WARNING_CFLAGS) >> $(UDEV_CFLAGS) $(LIBEBOOK_CFLAGS) \ >> $(LIBEDATASERVER_CFLAGS) >> $(ell_cflags) >> AM_LDFLAGS = $(MISC_LDFLAGS) >> >> +confdir = $(sysconfdir)/bluetooth >> +statedir = $(localstatedir)/lib/bluetooth >> + >> if DATAFILES >> dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d >> dbus_DATA = src/bluetooth.conf >> >> -confdir = $(sysconfdir)/bluetooth >> conf_DATA = >> - >> -statedir = $(localstatedir)/lib/bluetooth >> state_DATA = >> endif >> seems I missed that one. Can you please be more specific what this change does. Regards Marcel
On Wed, 2022-01-26 at 14:31 +0100, Marcel Holtmann wrote: > Hi Bastien, > > > Some patches from 2017 to use systemd lockdown. They've been used > > for 5 > > years by Fedora and RHEL. > > > > > As we will need those paths to lock down on them. > > > --- > > > Makefile.am | 6 +++--- > > > 1 file changed, 3 insertions(+), 3 deletions(-) > > > > > > diff --git a/Makefile.am b/Makefile.am > > > index e391d7ae8..2ba25e687 100644 > > > --- a/Makefile.am > > > +++ b/Makefile.am > > > @@ -28,14 +28,14 @@ AM_CFLAGS = $(MISC_CFLAGS) $(WARNING_CFLAGS) > > > $(UDEV_CFLAGS) $(LIBEBOOK_CFLAGS) \ > > > $(LIBEDATASERVER_CFLAGS) > > > $(ell_cflags) > > > AM_LDFLAGS = $(MISC_LDFLAGS) > > > > > > +confdir = $(sysconfdir)/bluetooth > > > +statedir = $(localstatedir)/lib/bluetooth > > > + > > > if DATAFILES > > > dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d > > > dbus_DATA = src/bluetooth.conf > > > > > > -confdir = $(sysconfdir)/bluetooth > > > conf_DATA = > > > - > > > -statedir = $(localstatedir)/lib/bluetooth > > > state_DATA = > > > endif > > > > > seems I missed that one. Can you please be more specific what this > change does. This change specifically? Check the next patches in the series, and you'll see pretty quickly. For the rest of the patchset, check this man page for details on each of the directives: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Security There's a fair amount of other directives we could use on top of those ones, but we can add them iteratively (and it makes bisecting easier, in case we forget about a particular use case). Cheers
This is automated email and please do not reply to this email! Dear submitter, Thank you for submitting the patches to the linux bluetooth mailing list. This is a CI test results with your patch series: PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=608628 ---Test result--- Test Summary: CheckPatch PASS 5.68 seconds GitLint PASS 3.84 seconds Prep - Setup ELL PASS 41.84 seconds Build - Prep PASS 0.71 seconds Build - Configure PASS 8.38 seconds Build - Make PASS 1292.67 seconds Make Check PASS 11.33 seconds Make Check w/Valgrind PASS 448.95 seconds Make Distcheck PASS 231.67 seconds Build w/ext ELL - Configure PASS 8.74 seconds Build w/ext ELL - Make PASS 1305.94 seconds Incremental Build with patchesPASS 5303.63 seconds --- Regards, Linux Bluetooth
Hi Bastien, On Wed, Jan 26, 2022 at 1:28 PM <bluez.test.bot@gmail.com> wrote: > > This is automated email and please do not reply to this email! > > Dear submitter, > > Thank you for submitting the patches to the linux bluetooth mailing list. > This is a CI test results with your patch series: > PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=608628 > > ---Test result--- > > Test Summary: > CheckPatch PASS 5.68 seconds > GitLint PASS 3.84 seconds > Prep - Setup ELL PASS 41.84 seconds > Build - Prep PASS 0.71 seconds > Build - Configure PASS 8.38 seconds > Build - Make PASS 1292.67 seconds > Make Check PASS 11.33 seconds > Make Check w/Valgrind PASS 448.95 seconds > Make Distcheck PASS 231.67 seconds > Build w/ext ELL - Configure PASS 8.74 seconds > Build w/ext ELL - Make PASS 1305.94 seconds > Incremental Build with patchesPASS 5303.63 seconds > > > > --- > Regards, > Linux Bluetooth Applied, thanks.
On Wed, 2022-01-26 at 14:45 +0100, Bastien Nocera wrote: > This change specifically? Check the next patches in the series, and > you'll see pretty quickly. > > For the rest of the patchset, check this man page for details on each > of the directives: > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Security > > There's a fair amount of other directives we could use on top of > those > ones, but we can add them iteratively (and it makes bisecting easier, > in case we forget about a particular use case). Did you have any more questions about this patchset?
Hi Bastien, On Wed, Feb 2, 2022 at 5:55 AM Bastien Nocera <hadess@hadess.net> wrote: > > On Wed, 2022-01-26 at 14:45 +0100, Bastien Nocera wrote: > > This change specifically? Check the next patches in the series, and > > you'll see pretty quickly. > > > > For the rest of the patchset, check this man page for details on each > > of the directives: > > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Security > > > > There's a fair amount of other directives we could use on top of > > those > > ones, but we can add them iteratively (and it makes bisecting easier, > > in case we forget about a particular use case). > > Did you have any more questions about this patchset? Looks like we have some problems with these changes: https://github.com/bluez/bluez/issues/329
diff --git a/Makefile.am b/Makefile.am index e391d7ae8..2ba25e687 100644 --- a/Makefile.am +++ b/Makefile.am @@ -28,14 +28,14 @@ AM_CFLAGS = $(MISC_CFLAGS) $(WARNING_CFLAGS) $(UDEV_CFLAGS) $(LIBEBOOK_CFLAGS) \ $(LIBEDATASERVER_CFLAGS) $(ell_cflags) AM_LDFLAGS = $(MISC_LDFLAGS) +confdir = $(sysconfdir)/bluetooth +statedir = $(localstatedir)/lib/bluetooth + if DATAFILES dbusdir = $(DBUS_CONFDIR)/dbus-1/system.d dbus_DATA = src/bluetooth.conf -confdir = $(sysconfdir)/bluetooth conf_DATA = - -statedir = $(localstatedir)/lib/bluetooth state_DATA = endif