diff --git a/SOURCES/0006-service-set-User-root-so-that-gio-doesn-t-have-to-lo.patch b/SOURCES/0006-service-set-User-root-so-that-gio-doesn-t-have-to-lo.patch
new file mode 100644
index 0000000..8543323
--- /dev/null
+++ b/SOURCES/0006-service-set-User-root-so-that-gio-doesn-t-have-to-lo.patch
@@ -0,0 +1,38 @@
+From dbb348d464c6c63d800039abae1b785f7239d928 Mon Sep 17 00:00:00 2001
+From: Lubomir Rintel
+Date: Tue, 21 Apr 2020 16:49:02 +0200
+Subject: [PATCH] service: set User=root so that gio doesn't have to look into
+ /etc/passwd
+
+GVfs' libgvfsdbus.so GIo module, when automatically loaded, attempts to
+discover if there's a session D-Bus instance to use. It tries real hard
+to get the socket name it would use -- in absence of XDG_RUNTIME_DIR it
+decides to make it up with user's home directory. When HOME is unset
+too, it just tries to figure it out by looking into /etc/passwd. Which
+upsets SELinux that would better not see us looking into it.
+
+We trigger the load of the GIo modules, by using the GFile API to access
+the the ports in /dev. They're utterly uesless to us, but there doesn't
+seem to be a way to disable their load. Oh well.
+
+For now, let's just ensure HOME is set and the problematic path in glib
+is not taken.
+---
+ data/ModemManager.service.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/data/ModemManager.service.in b/data/ModemManager.service.in
+index 8ea5a1f6..7e16d4d0 100644
+--- a/data/ModemManager.service.in
++++ b/data/ModemManager.service.in
+@@ -7,6 +7,7 @@ BusName=org.freedesktop.ModemManager1
+ ExecStart=@sbindir@/ModemManager
+ StandardError=null
+ Restart=on-abort
++User=root
+
+ [Install]
+ WantedBy=multi-user.target
+--
+2.26.0
+
diff --git a/SPECS/ModemManager.spec b/SPECS/ModemManager.spec
index 1c471d2..f5c0eff 100644
--- a/SPECS/ModemManager.spec
+++ b/SPECS/ModemManager.spec
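Review bot: The added `User=root` line in the embedded ModemManager.service.in hunk has no comment in the unit itself, so the reason for it lives only in the commit message. To anyone later auditing or tidying the unit it reads as a redundant setting for a system service, and removing it would bring back the /etc/passwd lookup that SELinux denies. I would put a line directly above it, `# User= is set only so that HOME is defined; without HOME the GIO gvfs module falls back to reading /etc/passwd`. The setting does not narrow what the daemon can do, so it should not be counted as confinement when the unit is reviewed for hardening. The [Service] section starts outside the embedded hunk, so other directives that affect the environment are not visible here.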
@@ -5,7 +5,7 @@ Summary: Mobile broadband modem management service Name: ModemManager Version: 1.6.10 -Release: 3%{?dist} +Release: 4%{?dist} Source: https://www.freedesktop.org/software/ModemManager/%{name}-%{version}.tar.xz Patch0: 0001-Revert-build-bump-required-gettext-version-to-0.19.3.patch Patch1: 0001-port-qmi-increase-qmi_device_open-retries.patch @@ -14,6 +14,7 @@ Patch3: 0002-bearer-qmi-unsolicited-events-might-not-be-enabled-o.patch Patch4: 0003-bearer-qmi-do-not-pass-a-cancellable-to-start_networ.patch Patch5: 0004-bearer-qmi-don-t-throw-away-packet-data-handles-on-c.patch Patch6: 0001-sierra-do-not-grab-cdc_ether-devices.patch +Patch7: 0006-service-set-User-root-so-that-gio-doesn-t-have-to-lo.patch License: GPLv2+ Group: System Environment/Base @@ -97,6 +98,7 @@ Vala bindings for ModemManager %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 %build intltoolize --force @@ -139,7 +141,7 @@ if [ $1 -eq 0 ] ; then touch --no-create %{_datadir}/icons/hicolor &>/dev/null gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : fi -%systemd_postun +%systemd_postun ModemManager.service %posttrans gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : @@ -185,6 +187,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %{_datadir}/vala/vapi/libmm-glib.* %changelog +* Tue Apr 21 2020 Antonio Cardace - 1.6.10-4 +- Prevent gvfsdbus module from reading /etc/passwd (rh #1588429) + * Tue May 21 2019 Lubomir Rintel - 1.6.10-3 - Don't grab cdc_ether devices on Sierra QMI modems (rh #1712031)
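Review bot: In the `%postun` hunk, `%systemd_postun ModemManager.service` does not, as far as I know, restart a running daemon on upgrade, so an already running ModemManager presumably keeps its old environment, and the SELinux denial this release addresses, until the service is restarted or the host reboots. If an automatic restart is wanted, `%systemd_postun_with_restart ModemManager.service` is the macro for it, at the cost of interrupting active modem connections during the update. The 1.6.10-4 changelog entry mentions only the gvfsdbus fix; a second line such as `- Pass the unit name to %%systemd_postun` would record the scriptlet change. The `%postun` scriptlet starts outside the hunk.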