[PATCH] build: allow configuring filter policy to be used in the init files

Aleksander Morgado aleksander at aleksander.es
Mon Apr 23 10:37:39 UTC 2018


>
> > > > Distributions wanting to use a different filter policy than the
> > > > DEFAULT one were advised to patch the corresponding init files
> > > > themselves.
> > > >
> > > > We now allow doing this directly at configure time by using a new
> > > > `--with-filter-policy=[POLICY]' option that accepts one of
> > > > "default", "strict", "paranoid" or "whitelist-only".
> > > >
> > > > The suggested policy for standard distributions is "strict".
> > > > ---
> > > >
> > > > Hey,
> > > >
> > > > Would this new configure switch be enough to avoid needing to
> > > > patch the service file in each distribution?
> > >
> > > So this would mostly work, except that if a specific user wants to
> > > change their policy after install, they would now fail RPM
> > > verification because the systemd unit files are not config files.
> > >
> >
> > Ohhh right
> >
> > > What Fedora typically does here would be something like:
> > >
> > > EnvironmentFile=/etc/sysconfig/ModemManager
> > > ExecStart=/usr/sbin/ModemManager --filter-policy=$FILTER_POLICY
> > >
> > > and then install an /etc/sysconfig/ModemManager with:
> > >
> > > FILTER_POLICY=strict
> > >
> > > and mark /etc/sysconfig/ModemManager as %config in the RPM.
> > >
> > > That allows the user to change the policy from the distro default
> > > via /etc/sysconfig/ModemManager and still maintain package integrity
> > > with "rpm -V".
> > >
> > > Obviously this doesn't work for the D-Bus service file, but I guess
> > > we could have a wrapper script that sources the env file and then
> > > runs MM with the right parameters.
> > >
> > > Or, for a distro-independent solution, a real config file...
> > >
> >
> > Maybe it's time we ship a config file? These different policy configs
> > probably deserve it.
> > What do others think?
>
> Yeah, we probably should just do this.
>
>
Will gladly review and accept patches implementing this new config file.
Does anyone want to help?

-- 
Aleksander
https://aleksander.es
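
Added example (not part of the original message and not ModemManager code): a sketch of the wrapper script suggested in the thread for the D-Bus service file, which cannot use EnvironmentFile=. It passes FILTER_POLICY from /etc/sysconfig/ModemManager on only when it is one of the four policies named in the commit message; the fallback to "strict", the function names and the MM_ENV_FILE/MM_BIN overrides are assumptions of this example.

```shell
#!/bin/sh
# Wrapper sketch for D-Bus activation of ModemManager (added example).
# Paths and the FILTER_POLICY variable come from the thread; everything
# else (function names, MM_* overrides, "strict" fallback) is assumed.

MM_ENV_FILE="${MM_ENV_FILE:-/etc/sysconfig/ModemManager}"
MM_BIN="${MM_BIN:-/usr/sbin/ModemManager}"

# Print the filter policy to use for the given env file.
# The value is accepted only if it is exactly one of the policies the
# configure option accepts; anything else (missing file, empty value,
# typo, extra arguments smuggled into the value) yields "strict".
mm_filter_policy() {
    _mm_env_file="$1"
    _mm_policy=""
    if [ -r "$_mm_env_file" ]; then
        # Source in a subshell: other variables set by the file do not
        # leak into the wrapper, and an inherited FILTER_POLICY from the
        # caller's environment is ignored.
        _mm_policy=$(
            unset FILTER_POLICY
            . "$_mm_env_file" >/dev/null 2>&1
            printf '%s' "${FILTER_POLICY:-}"
        ) || _mm_policy=""
    fi
    case "$_mm_policy" in
        default|strict|paranoid|whitelist-only)
            printf '%s\n' "$_mm_policy" ;;
        *)
            printf 'strict\n' ;;
    esac
}

# Entry point: an installed wrapper would end with
#     mm_wrapper_main "$@"
# and the D-Bus service file would point at the wrapper instead of the
# ModemManager binary.
mm_wrapper_main() {
    exec "$MM_BIN" --filter-policy="$(mm_filter_policy "$MM_ENV_FILE")" "$@"
}
```

Because the value is matched against a fixed list and passed as a single quoted argument, a user edit to the env file can change the policy but cannot add other command-line options.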