diff options
Diffstat (limited to 'x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch')
| -rw-r--r-- | x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch b/x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch new file mode 100644 index 000000000000..0a97d8ac579d --- /dev/null +++ b/x11-misc/colord/files/colord-1.4.7-systemd-permissions.patch @@ -0,0 +1,51 @@ +https://github.com/hughsie/colord/commit/08a32b2379fb5582f4312e59bf51a2823df56276 +https://github.com/hughsie/colord/commit/9283abd9c00468edb94d2a06d6fa3681cae2700d + +From 08a32b2379fb5582f4312e59bf51a2823df56276 Mon Sep 17 00:00:00 2001 +From: Richard Hughes <richard@hughsie.com> +Date: Mon, 29 Jan 2024 10:37:11 +0000 +Subject: [PATCH] Fix writing to the database with ProtectSystem=strict + +Fixes https://github.com/hughsie/colord/issues/166 +--- a/data/colord.service.in ++++ b/data/colord.service.in +@@ -17,6 +17,10 @@ ProtectControlGroups=true + RestrictRealtime=true + RestrictAddressFamilies=AF_UNIX + ++ConfigurationDirectory=colord ++StateDirectory=colord ++CacheDirectory=colord ++ + # drop all capabilities + CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_RAWIO CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_MKNOD CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM + + +From 9283abd9c00468edb94d2a06d6fa3681cae2700d Mon Sep 17 00:00:00 2001 +From: Ferdinand Bachmann <ferdinand.bachmann@yrlf.at> +Date: Tue, 30 Jan 2024 12:44:18 +0100 +Subject: [PATCH] Fix USB scanners not working with RestrictAddressFamilies + +colord-sane scanner drivers using libusb can't initialize properly with +RestrictAddressFamilies set to AF_UNIX. Remove that line to ensure those +can work properly. + +This also avoids a crash in HPLIP due to unchecked calls to libusb_init(). + +Fixes #165 +--- + data/colord.service.in | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/data/colord.service.in b/data/colord.service.in +index c358dc4b..45ec5811 100644 +--- a/data/colord.service.in ++++ b/data/colord.service.in +@@ -15,7 +15,6 @@ ProtectKernelModules=true + ProtectKernelLogs=true + ProtectControlGroups=true + RestrictRealtime=true +-RestrictAddressFamilies=AF_UNIX + + ConfigurationDirectory=colord + StateDirectory=colord |