summaryrefslogtreecommitdiff
path: root/poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch
diff options
context:
space:
mode:
Diffstat (limited to 'poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch')
-rw-r--r--poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch b/poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch
new file mode 100644
index 0000000000..96fdf6b299
--- /dev/null
+++ b/poky/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch
@@ -0,0 +1,30 @@
+The systemd bluetooth service failed to start because the /var/lib/bluetooth
+path of ReadWritePaths= is created by the bluetooth daemon itself.
+
+The commit systemd: Add more filesystem lockdown (442d211) add ReadWritePaths=/etc/bluetooth
+and ReadOnlyPaths=/var/lib/bluetooth options to the bluetooth systemd service.
+The existing ProtectSystem=full option mounts the /usr, the boot loader
+directories and /etc read-only. This means the two option are useless and could be removed.
+
+Upstream-Status: Submitted [https://github.com/bluez/bluez/issues/329]
+
+Index: bluez-5.64/src/bluetooth.service.in
+===================================================================
+--- bluez-5.64.orig/src/bluetooth.service.in
++++ bluez-5.64/src/bluetooth.service.in
+@@ -15,12 +15,12 @@ LimitNPROC=1
+
+ # Filesystem lockdown
+ ProtectHome=true
+-ProtectSystem=full
++ProtectSystem=strict
+ PrivateTmp=true
+ ProtectKernelTunables=true
+ ProtectControlGroups=true
+-ReadWritePaths=@statedir@
+-ReadOnlyPaths=@confdir@
++ConfigurationDirectory=bluetooth
++StateDirectory=bluetooth
+
+ # Execute Mappings
+ MemoryDenyWriteExecute=true
generated by cgit v1.2.3 (git 2.39.0) at 2024-06-02 20:40:49 +0300