Hi Luiz,
thanks for your quick response!
On 04.12.24 at 21:37, Luiz Augusto von Dentz wrote:
> Hi Fiona,
> On Wed, Dec 4, 2024 at 3:31 PM Luiz Augusto von Dentz
> <luiz.dentz@xxxxxxxxx> wrote:
>> Hi Fiona,
>> On Wed, Dec 4, 2024 at 2:51 PM Fiona Klute <fiona.klute@xxxxxx> wrote:
>>> Hi,
>>> since February BlueZ installs a config directory with mode 0555 [1].
>>> This broke the Buildroot build, because files in that directory cannot
>>> be deleted any more. Buildroot disabled the datafiles installation as a
>>> workaround [2], but at least in my setup this breaks *running*
>>> bluetoothd because the D-Bus policy is missing that way.
>>> The commit message mentions needing specific permission, but does not
>>> explain why /etc/bluetooth can't have mode 0755 (as it does on my Debian
>>> system, with Bluetooth working just fine).
>>> So my questions are: Can I just send a patch to change the permissions?
>>> If not, why does it need to be read-only? I think I'll need to
>>> understand that for a proper fix if changing permissions isn't right.
>>> Kind regards,
>>> Fiona
>>> [1]
>>> https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=be0e796299b0e7a73bf06c5655b56180588550b0
>>> [2]
>>> https://gitlab.com/buildroot.org/buildroot/-/commit/1a8676aa6e4b0e372a1a744eac6e53c90c03bf0e
>> Here is the discussion on why we ended up setting it as 0555:
>> https://github.com/bluez/bluez/issues/329#issuecomment-1102459104
>> Now the question is why would buildroot delete files under
>> ConfigurationDirectory? Or is the problem that the directory is
>> created empty and then you add custom files later?
Buildroot builds a rootfs image. Files created by package builds are
written to a staging directory on install, moved around when building
the rootfs (as a regular user), and during development I use "clean"
pretty often, which naturally needs to delete build results.
> Ok, sounds like this really is _not_ how the distros are setting it up:
> -rw-r--r--. 1 root root 1028 Nov 1 15:25 input.conf
> -rw-r--r--. 1 root root 12929 Nov 1 15:25 main.conf
> -rw-r--r--. 1 root root 120 Dec 24 2012 network.conf
> So I think it should really have been 0755, so the likes of root can
> write/delete it.
Thanks for the confirmation, I'll look at sending a patch then.
The arguments presented in the discussion on GitHub don't make sense to
me; ProtectSystem=strict should already prevent writes to /etc from the
service. ConfigurationDirectoryMode=0555 isn't going to *check* for
those permissions, it's going to set them (except it looks like
ProtectSystem=strict actually prevents that). The system I'm building
with Buildroot doesn't use systemd though; if I wanted to achieve the
same thing I'd need to add bubblewrap or something to the init script.
Best regards,
Fiona
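
Added example, not part of the original messages and not BlueZ or Buildroot code: a shell sketch of the failure this thread describes, where a 0555 directory in a staging tree owned by a regular user blocks cleanup, plus a check that lists such directories and a cleanup that copes with them. The function names and the temporary staging tree are constructed for illustration.

```shell
#!/bin/sh
# Added example with a constructed staging tree; not BlueZ or Buildroot code.

# List directories under $1 that lack owner write permission (mode bit 0200).
# An unprivileged build user cannot unlink entries inside these.
find_readonly_dirs() {
    find "$1" -type d ! -perm -0200 -print
}

# Remove a tree that may contain such directories: give the owner write
# permission on them first, then delete everything.
clean_tree() {
    find "$1" -type d ! -perm -0200 -exec chmod u+w {} +
    rm -rf -- "$1"
}

# Constructed staging tree mirroring the layout discussed in the thread.
make_staging() {
    staging=$(mktemp -d) || return 1
    mkdir -p "$staging/etc/bluetooth"
    : > "$staging/etc/bluetooth/main.conf"
    chmod 0555 "$staging/etc/bluetooth"   # the mode the thread is about
    printf '%s\n' "$staging"
}

demo() {
    s=$(make_staging) || return 1
    echo "directories without owner write permission:"
    find_readonly_dirs "$s"
    # A regular user gets "Permission denied" here; root bypasses mode bits.
    rm -rf -- "$s" 2>/dev/null || echo "plain rm -rf could not remove the tree"
    if [ -e "$s" ]; then clean_tree "$s"; fi
    if [ ! -e "$s" ]; then echo "tree removed"; fi
}

demo
```

Run as root, the plain `rm -rf` succeeds, which is why the problem only shows up in builds that run as a regular user.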