[PATCH] build: allow configuring filter policy to be used in the init files
Aleksander Morgado
aleksander at aleksander.es
Tue Apr 10 13:08:38 UTC 2018
Distributions wanting to use a different filter policy than the
DEFAULT one were advised to patch themselves the corresponding init
files.
We now allow doing this directly at configure time by using a new
`--with-filter-policy=[POLICY]' option that accepts one of "default",
"strict", "paranoid" or "whitelist-only".
The suggested policy for standard distributions is "strict".
---
Hey,
Would this new configure switch be enough to avoid needing to patch the service file in each distribution?
---
configure.ac | 24 ++++++++++++++++++++++++
data/Makefile.am | 4 ++--
data/ModemManager.service.in | 2 +-
data/org.freedesktop.ModemManager1.service.in | 2 +-
4 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index 9bf26ed2..3c8feadb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -150,6 +150,29 @@ if test "x$enable_vala" = "xyes" -a ! -f "$VAPIGEN_MAKEFILE"; then
AC_MSG_ERROR([Vala bindings enabled but Makefile.vapigen not found. Install vala-devel, or pass --disable-vala])
fi
+dnl-----------------------------------------------------------------------------
+dnl Filter policy
+dnl
+
+AC_ARG_WITH(filter-policy,
+ AS_HELP_STRING([--with-filter-policy=(default|whitelist-only|strict|paranoid)],
+ [which filter policy to request in the systemd init file]))
+if test -n "$with_filter_policy" ; then
+ case "$with_filter_policy" in
+ "default") ;;
+ "whitelist-only") ;;
+ "strict") ;;
+ "paranoid") ;;
+ *)
+ AC_MSG_ERROR([Wrong value for --with-filter-policy: $with_filter_policy])
+ ;;
+ esac
+ FILTER_POLICY="$with_filter_policy"
+else
+ FILTER_POLICY="default"
+fi
+AC_SUBST(FILTER_POLICY)
+
dnl-----------------------------------------------------------------------------
dnl System paths
dnl
@@ -443,6 +466,7 @@ echo "
systemd unit directory: ${with_systemdsystemunitdir}
Features:
+ filter policy: ${FILTER_POLICY}
udev: ${with_udev}
policykit: ${with_polkit}
mbim: ${with_mbim}
diff --git a/data/Makefile.am b/data/Makefile.am
index ee05bdf6..aa12ee9b 100644
--- a/data/Makefile.am
+++ b/data/Makefile.am
@@ -5,8 +5,8 @@ edit = @sed \
-e 's|@sbindir[@]|$(sbindir)|g' \
-e 's|@sysconfdir[@]|$(sysconfdir)|g' \
-e 's|@localstatedir[@]|$(localstatedir)|g' \
- -e 's|@libexecdir[@]|$(libexecdir)|g'
-
+ -e 's|@libexecdir[@]|$(libexecdir)|g' \
+ -e 's|@FILTER_POLICY[@]|$(FILTER_POLICY)|g'
# DBus Service file
dbusservicedir = $(DBUS_SYS_DIR)
diff --git a/data/ModemManager.service.in b/data/ModemManager.service.in
index 47867769..eb8545c1 100644
--- a/data/ModemManager.service.in
+++ b/data/ModemManager.service.in
@@ -4,7 +4,7 @@ Description=Modem Manager
[Service]
Type=dbus
BusName=org.freedesktop.ModemManager1
-ExecStart=@sbindir@/ModemManager
+ExecStart=@sbindir@/ModemManager --filter-policy=@FILTER_POLICY@
StandardError=null
Restart=on-abort
CapabilityBoundingSet=CAP_SYS_ADMIN
diff --git a/data/org.freedesktop.ModemManager1.service.in b/data/org.freedesktop.ModemManager1.service.in
index 175f3dd2..91e50e34 100644
--- a/data/org.freedesktop.ModemManager1.service.in
+++ b/data/org.freedesktop.ModemManager1.service.in
@@ -6,6 +6,6 @@
[D-BUS Service]
Name=org.freedesktop.ModemManager1
-Exec=@sbindir@/ModemManager
+Exec=@sbindir@/ModemManager --filter-policy=@FILTER_POLICY@
User=root
SystemdService=dbus-org.freedesktop.ModemManager1.service
--
2.16.1
More information about the ModemManager-devel
mailing list