| Message ID | 20191028145604.22907-1-sean@mess.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v4l-utils] 50-rc_keymap.conf prevents debian testing from booting | expand |
On 10/28/19 3:56 PM, Sean Young wrote: > If SystemCallFilter is not set for systemd-udevd, then 50-rc_keymap.conf > restricts the service to _only_ the bpf syscall, preventing the system > from booting. > > Reported-by: Hans Verkuil <hverkuil@xs4all.nl> Tested-by: Hans Verkuil <hverkuil@xs4all.nl> Thanks! I think this should be merged quickly since it is not nice when v4l-utils suddenly prevents your system from booting the next time. Especially when you discover this two hours before you have to leave for the airport to travel to the ELCE conference where you are speaker the next day... Just saying :-) Regards, Hans > Signed-off-by: Sean Young <sean@mess.org> > --- > configure.ac | 6 ++++++ > utils/keytable/Makefile.am | 2 ++ > 2 files changed, 8 insertions(+) > > diff --git a/configure.ac b/configure.ac > index 01a24a28..8585a79d 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -521,6 +521,12 @@ AM_CONDITIONAL([WITH_BPF], [test x$enable_bpf != xno -a x$libelf_pkgcon > AS_IF([test x$enable_libdvbv5 = xno], [AC_SUBST([ENFORCE_LIBDVBV5_STATIC], ["-static"])]) > AS_IF([test x$enable_libv4l = xno], [AC_SUBST([ENFORCE_LIBV4L_STATIC], ["-static"])]) > > +# Since systemd v239, udevd is not allowed to execute BPF systems calls; > +# add an override to allow bpf(2) in that case. On earlier versions, the > +# override will restrict udevd to bpf syscall only and will stop the system > +# from booting. This is also true on current debian versions. > +AM_CONDITIONAL([HAVE_UDEVDSYSCALLFILTER], [grep -s SystemCallFilter $with_systemdsystemunitdir/systemd-udevd.service]) > + > # misc > > if test "x$linux_os" = "xyes"; then > diff --git a/utils/keytable/Makefile.am b/utils/keytable/Makefile.am > index dfcd7609..4724897e 100644 > --- a/utils/keytable/Makefile.am > +++ b/utils/keytable/Makefile.am > @@ -3,7 +3,9 @@ man_MANS = ir-keytable.1 rc_keymap.5 > sysconf_DATA = rc_maps.cfg > keytablesystem_DATA = $(srcdir)/rc_keymaps/* > udevrules_DATA = 70-infrared.rules > +if HAVE_UDEVDSYSCALLFILTER > systemdsystemunit_DATA = 50-rc_keymap.conf > +endif > > ir_keytable_SOURCES = keytable.c parse.h ir-encode.c ir-encode.h toml.c toml.h keymap.c keymap.h > >
On Mon, Oct 28, 2019 at 05:21:02PM +0100, Hans Verkuil wrote: > On 10/28/19 3:56 PM, Sean Young wrote: > > If SystemCallFilter is not set for systemd-udevd, then 50-rc_keymap.conf > > restricts the service to _only_ the bpf syscall, preventing the system > > from booting. > > > > Reported-by: Hans Verkuil <hverkuil@xs4all.nl> > > Tested-by: Hans Verkuil <hverkuil@xs4all.nl> > > Thanks! I think this should be merged quickly since it is not nice when > v4l-utils suddenly prevents your system from booting the next time. > > Especially when you discover this two hours before you have to leave > for the airport to travel to the ELCE conference where you are > speaker the next day... Yes, it's been pushed. Sorry about this. I am a little concerned that loading bpf rc keymaps from udevd is not the best idea. Possibly this should be done via polkit. These changes seem a little fragile and as this shows, if it goes wrong then you end up with a system that doesn't boot... Thanks for your report/test, making a quick turnaround for a fix possible. Sean
diff --git a/configure.ac b/configure.ac index 01a24a28..8585a79d 100644 --- a/configure.ac +++ b/configure.ac @@ -521,6 +521,12 @@ AM_CONDITIONAL([WITH_BPF], [test x$enable_bpf != xno -a x$libelf_pkgcon AS_IF([test x$enable_libdvbv5 = xno], [AC_SUBST([ENFORCE_LIBDVBV5_STATIC], ["-static"])]) AS_IF([test x$enable_libv4l = xno], [AC_SUBST([ENFORCE_LIBV4L_STATIC], ["-static"])]) +# Since systemd v239, udevd is not allowed to execute BPF systems calls; +# add an override to allow bpf(2) in that case. On earlier versions, the +# override will restrict udevd to bpf syscall only and will stop the system +# from booting. This is also true on current debian versions. +AM_CONDITIONAL([HAVE_UDEVDSYSCALLFILTER], [grep -s SystemCallFilter $with_systemdsystemunitdir/systemd-udevd.service]) + # misc if test "x$linux_os" = "xyes"; then diff --git a/utils/keytable/Makefile.am b/utils/keytable/Makefile.am index dfcd7609..4724897e 100644 --- a/utils/keytable/Makefile.am +++ b/utils/keytable/Makefile.am @@ -3,7 +3,9 @@ man_MANS = ir-keytable.1 rc_keymap.5 sysconf_DATA = rc_maps.cfg keytablesystem_DATA = $(srcdir)/rc_keymaps/* udevrules_DATA = 70-infrared.rules +if HAVE_UDEVDSYSCALLFILTER systemdsystemunit_DATA = 50-rc_keymap.conf +endif ir_keytable_SOURCES = keytable.c parse.h ir-encode.c ir-encode.h toml.c toml.h keymap.c keymap.h
If SystemCallFilter is not set for systemd-udevd, then 50-rc_keymap.conf restricts the service to _only_ the bpf syscall, preventing the system from booting. Reported-by: Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by: Sean Young <sean@mess.org> --- configure.ac | 6 ++++++ utils/keytable/Makefile.am | 2 ++ 2 files changed, 8 insertions(+)