Diffstat (limited to 'meta-security/recipes-connectivity/connman')
-rw-r--r--meta-security/recipes-connectivity/connman/connman_%.bbappend20
-rw-r--r--meta-security/recipes-connectivity/connman/files/connman.service.conf4
2 files changed, 15 insertions, 9 deletions
diff --git a/meta-security/recipes-connectivity/connman/connman_%.bbappend b/meta-security/recipes-connectivity/connman/connman_%.bbappend
index f66c1e79b..3b010490d 100644
--- a/meta-security/recipes-connectivity/connman/connman_%.bbappend
+++ b/meta-security/recipes-connectivity/connman/connman_%.bbappend
@@ -19,14 +19,16 @@
# in which connmand runs, this change is not submitted upstream
# and it can be overridden by a distro via FIX_CONNMAN_CAPABILITIES.
-FIX_CONNMAN_CAPABILITIES ??= ""
-FIX_CONNMAN_CAPABILITIES_with-lsm-smack ??= "fix_connman_capabilities"
-do_install[postfuncs] += "${FIX_CONNMAN_CAPABILITIES}"
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
-fix_connman_capabilities () {
- service="${D}/${systemd_unitdir}/system/connman.service"
- if [ -f "$service" ] &&
- grep -q '^CapabilityBoundingSet=' "$service"; then
- sed -i -e 's/^CapabilityBoundingSet=/CapabilityBoundingSet=CAP_MAC_OVERRIDE /' "$service"
- fi
+SRC_URI_append_with-lsm-smack = "\
+ file://connman.service.conf \
+"
+
+RDEPENDS_${PN}_append_with-lsm-smack = " smack"
+
+FILES_${PN} += "${systemd_unitdir}"
+
+do_install_append_with-lsm-smack() {
+ install -Dm0644 ${WORKDIR}/connman.service.conf ${D}${systemd_unitdir}/system/connman.service.d/smack.conf
}
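Review bot: The context comment at the top of this hunk still says the change "can be overridden by a distro via FIX_CONNMAN_CAPABILITIES", but the hunk deletes that variable, so the comment now documents an opt-out that no longer exists. Either reword it, for example `# and it is applied only when the with-lsm-smack override is active.`, or keep a variable a distro can set to skip installing the drop-in. `FILES_${PN} += "${systemd_unitdir}"` is also unconditional while the install step is Smack-only; it looks harmless, but scoping it with `_append_with-lsm-smack` would keep non-Smack builds unchanged. The comment block starts before the hunk, so its earlier lines are not visible here.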
diff --git a/meta-security/recipes-connectivity/connman/files/connman.service.conf b/meta-security/recipes-connectivity/connman/files/connman.service.conf
new file mode 100644
index 000000000..6ebbf6ad1
--- /dev/null
+++ b/meta-security/recipes-connectivity/connman/files/connman.service.conf
@@ -0,0 +1,4 @@
+[Service]
+CapabilityBoundingSet=CAP_MAC_OVERRIDE
+ExecStartPre=+-/bin/mkdir -p /run/connman
+ExecStartPre=+-/usr/bin/chsmack -t -a System::Shared /run/connman
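Review bot: `CapabilityBoundingSet=CAP_MAC_OVERRIDE` in a drop-in is merged with whatever bounding set the base unit declares, and the removed `fix_connman_capabilities` only touched the unit when a `CapabilityBoundingSet=` line was already present; that guard has no equivalent here. If the shipped connman.service ever lacks that line, this drop-in would presumably become the entire bounding set and leave connmand with CAP_MAC_OVERRIDE alone, so the file should state the dependency, e.g. `# Merged with the CapabilityBoundingSet= in connman.service; that unit must define one.`. The leading `-` on the chsmack line also means a labelling failure is ignored and connmand starts with /run/connman unlabelled; dropping the `-` on that line would make the failure visible at service start.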