[v2] bluez5: Add fix for startup issues under systemd

Message ID	20220414205205.2264840-1-richard.purdie@linuxfoundation.org
State	Accepted, archived
Commit	3e85ce436699a2b5b7751f671e4a6eabb4ca5404
Headers	show Return-Path: <richard.purdie@linuxfoundation.org> ip: 209.85.221.47, mailfrom: richard.purdie@linuxfoundation.org) From: Richard Purdie <richard.purdie@linuxfoundation.org> To: openembedded-core@lists.openembedded.org Subject: [PATCH v2] bluez5: Add fix for startup issues under systemd Date: Thu, 14 Apr 2022 21:52:05 +0100 Message-Id: <20220414205205.2264840-1-richard.purdie@linuxfoundation.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[v2] bluez5: Add fix for startup issues under systemd \| expand [v2] bluez5: Add fix for startup issues under systemd

Message ID

20220414205205.2264840-1-richard.purdie@linuxfoundation.org

State

Accepted, archived

Commit

3e85ce436699a2b5b7751f671e4a6eabb4ca5404

Headers

From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH v2] bluez5: Add fix for startup issues under systemd
Date: Thu, 14 Apr 2022 21:52:05 +0100
Message-Id: <20220414205205.2264840-1-richard.purdie@linuxfoundation.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[v2] bluez5: Add fix for startup issues under systemd | expand

Commit Message

Richard Purdie April 14, 2022, 8:52 p.m. UTC

The systemd bluetooth service failed to start. Add a workaround for this whilst the
final fix is discussed upstream, https://github.com/bluez/bluez/issues/329.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

v2: Add ProtectSystem=strict
 meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
 .../bluez5/bluez5/fix_service.patch           | 30 +++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/fix_service.patch

Comments

Stefan Herbrechtsmeier April 25, 2022, 9:17 a.m. UTC | #1

Hi Richard,

should I update your patch or only the Upstream-Status or will you 
prefer to do it yourself?

Regards
   Stefan

Am 14.04.2022 um 22:52 schrieb Richard Purdie via lists.openembedded.org:
> The systemd bluetooth service failed to start. Add a workaround for this whilst the
> final fix is discussed upstream, https://github.com/bluez/bluez/issues/329.
> 
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> ---
> 
> v2: Add ProtectSystem=strict
>   meta/recipes-connectivity/bluez5/bluez5.inc   |  1 +
>   .../bluez5/bluez5/fix_service.patch           | 30 +++++++++++++++++++
>   2 files changed, 31 insertions(+)
>   create mode 100644 meta/recipes-connectivity/bluez5/bluez5/fix_service.patch
> 
> diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
> index 79d4645ca89..22dd07b3480 100644
> --- a/meta/recipes-connectivity/bluez5/bluez5.inc
> +++ b/meta/recipes-connectivity/bluez5/bluez5.inc
> @@ -53,6 +53,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
>              ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
>              file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
>              file://0001-test-gatt-Fix-hung-issue.patch \
> +           file://fix_service.patch \
>              "
>   S = "${WORKDIR}/bluez-${PV}"
>   
> diff --git a/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch b/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch
> new file mode 100644
> index 00000000000..96fdf6b299c
> --- /dev/null
> +++ b/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch
> @@ -0,0 +1,30 @@
> +The systemd bluetooth service failed to start because the /var/lib/bluetooth
> +path of ReadWritePaths= is created by the bluetooth daemon itself.
> +
> +The commit systemd: Add more filesystem lockdown (442d211) add ReadWritePaths=/etc/bluetooth
> +and ReadOnlyPaths=/var/lib/bluetooth options to the bluetooth systemd service.
> +The existing ProtectSystem=full option mounts the /usr, the boot loader
> +directories and /etc read-only. This means the two option are useless and could be removed.
> +
> +Upstream-Status: Submitted [https://github.com/bluez/bluez/issues/329]
> +
> +Index: bluez-5.64/src/bluetooth.service.in
> +===================================================================
> +--- bluez-5.64.orig/src/bluetooth.service.in
> ++++ bluez-5.64/src/bluetooth.service.in
> +@@ -15,12 +15,12 @@ LimitNPROC=1
> +
> + # Filesystem lockdown
> + ProtectHome=true
> +-ProtectSystem=full
> ++ProtectSystem=strict
> + PrivateTmp=true
> + ProtectKernelTunables=true
> + ProtectControlGroups=true
> +-ReadWritePaths=@statedir@
> +-ReadOnlyPaths=@confdir@
> ++ConfigurationDirectory=bluetooth
> ++StateDirectory=bluetooth
> +
> + # Execute Mappings
> + MemoryDenyWriteExecute=true
> 
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#164413): https://lists.openembedded.org/g/openembedded-core/message/164413
> Mute This Topic: https://lists.openembedded.org/mt/90474022/6374899
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [stefan.herbrechtsmeier-oss@weidmueller.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Richard Purdie April 25, 2022, 11:02 a.m. UTC | #2

On Mon, 2022-04-25 at 11:17 +0200, Stefan Herbrechtsmeier wrote:
> Hi Richard,
> 
> should I update your patch or only the Upstream-Status or will you 
> prefer to do it yourself?

Patches to update it very welcome!

Cheers,

Richard

diff --git a/meta/recipes-connectivity/bluez5/bluez5.inc b/meta/recipes-connectivity/bluez5/bluez5.inc
index 79d4645ca89..22dd07b3480 100644
--- a/meta/recipes-connectivity/bluez5/bluez5.inc
+++ b/meta/recipes-connectivity/bluez5/bluez5.inc
@@ -53,6 +53,7 @@  SRC_URI = "${KERNELORG_MIRROR}/linux/bluetooth/bluez-${PV}.tar.xz \
            ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', '', 'file://0001-Allow-using-obexd-without-systemd-in-the-user-sessio.patch', d)} \
            file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
            file://0001-test-gatt-Fix-hung-issue.patch \
+           file://fix_service.patch \
            "
 S = "${WORKDIR}/bluez-${PV}"
 
diff --git a/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch b/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch
new file mode 100644
index 00000000000..96fdf6b299c
--- /dev/null
+++ b/meta/recipes-connectivity/bluez5/bluez5/fix_service.patch
@@ -0,0 +1,30 @@ 
+The systemd bluetooth service failed to start because the /var/lib/bluetooth
+path of ReadWritePaths= is created by the bluetooth daemon itself.
+
+The commit systemd: Add more filesystem lockdown (442d211) add ReadWritePaths=/etc/bluetooth
+and ReadOnlyPaths=/var/lib/bluetooth options to the bluetooth systemd service.
+The existing ProtectSystem=full option mounts the /usr, the boot loader
+directories and /etc read-only. This means the two option are useless and could be removed.
+
+Upstream-Status: Submitted [https://github.com/bluez/bluez/issues/329]
+
+Index: bluez-5.64/src/bluetooth.service.in
+===================================================================
+--- bluez-5.64.orig/src/bluetooth.service.in
++++ bluez-5.64/src/bluetooth.service.in
+@@ -15,12 +15,12 @@ LimitNPROC=1
+ 
+ # Filesystem lockdown
+ ProtectHome=true
+-ProtectSystem=full
++ProtectSystem=strict
+ PrivateTmp=true
+ ProtectKernelTunables=true
+ ProtectControlGroups=true
+-ReadWritePaths=@statedir@
+-ReadOnlyPaths=@confdir@
++ConfigurationDirectory=bluetooth
++StateDirectory=bluetooth
+ 
+ # Execute Mappings
+ MemoryDenyWriteExecute=true