path: root/x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch
https://github.com/hughsie/colord/commit/08a32b2379fb5582f4312e59bf51a2823df56276
https://github.com/hughsie/colord/commit/9283abd9c00468edb94d2a06d6fa3681cae2700d

From 08a32b2379fb5582f4312e59bf51a2823df56276 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Mon, 29 Jan 2024 10:37:11 +0000
Subject: [PATCH] Fix writing to the database with ProtectSystem=strict

Fixes https://github.com/hughsie/colord/issues/166
--- a/data/colord.service.in
+++ b/data/colord.service.in
@@ -17,6 +17,10 @@ ProtectControlGroups=true
 RestrictRealtime=true
 RestrictAddressFamilies=AF_UNIX
 
+ConfigurationDirectory=colord
+StateDirectory=colord
+CacheDirectory=colord
+
 # drop all capabilities
 CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_RAWIO CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_MKNOD CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
 
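Review bot: The three added directory directives have no comment tying them to `ProtectSystem=strict`, and `ConfigurationDirectory=colord` goes beyond what the subject line (database writes) calls for. I would add `# writable locations colord needs under ProtectSystem=strict` above them, and drop `ConfigurationDirectory=colord` if the daemon never writes under its configuration directory, so the unit declares only the state and cache paths. The directories are created with systemd's default mode (0755); an explicit `StateDirectoryMode=` line would make the intended permissions visible to anyone auditing the unit. The `[Service]` section starts above this hunk, so whether `User=` is set, which decides who owns the new state and cache directories, cannot be confirmed from here.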

From 9283abd9c00468edb94d2a06d6fa3681cae2700d Mon Sep 17 00:00:00 2001
From: Ferdinand Bachmann <ferdinand.bachmann@yrlf.at>
Date: Tue, 30 Jan 2024 12:44:18 +0100
Subject: [PATCH] Fix USB scanners not working with RestrictAddressFamilies

colord-sane scanner drivers using libusb can't initialize properly with
RestrictAddressFamilies set to AF_UNIX. Remove that line to ensure those
can work properly.

This also avoids a crash in HPLIP due to unchecked calls to libusb_init().

Fixes #165
---
 data/colord.service.in | 1 -
 1 file changed, 1 deletion(-)

diff --git a/data/colord.service.in b/data/colord.service.in
index c358dc4b..45ec5811 100644
--- a/data/colord.service.in
+++ b/data/colord.service.in
@@ -15,7 +15,6 @@ ProtectKernelModules=true
 ProtectKernelLogs=true
 ProtectControlGroups=true
 RestrictRealtime=true
-RestrictAddressFamilies=AF_UNIX
 
 ConfigurationDirectory=colord
 StateDirectory=colord