On Wed, Apr 11, 2018 at 4:10 AM, Dan Williams <[email protected]> wrote: > On Tue, 2018-04-10 at 15:08 +0200, Aleksander Morgado wrote: >> Distributions wanting to use a different filter policy than the >> DEFAULT one were advised to patch themselves the corresponding init >> files. >> >> We now allow doing this directly at configure time by using a new >> `--with-filter-policy=[POLICY]' option that accepts one of "default", >> "strict", "paranoid" or "whitelist-only". >> >> The suggested policy for standard distributions is "strict". >> --- >> >> Hey, >> >> Would this new configure switch be enough to avoid needing to patch >> the service file in each distribution? > > So this would mostly work, except that if a specific user wants to > change their policy after install, they would now fail RPM verification > because the systemd unit files are not config files. >
Ohhh right > What Fedora typically does here would be something like: > > EnvironmentFile=/etc/sysconfig/ModemManager > Exec=/usr/sbin/ModemManager --filter-policy=$FILTER_POLICY > > and then install an /etc/sysconfig/ModemManager with: > > FILTER_POLICY=strict > > and mark /etc/sysconfig/ModemManager as %config in the RPM. > > That allows the user to change the policy from the distro default via > /etc/sysconfig/ModemManager and still maintain package integrity with > "rpm -V". > > Obviously this doesn't work for the D-Bus service file, but I guess we > could have a wrapper script that sources the env file and then runs MM > with the right parameters. > > Or, for a distro-independent solution, a real config file... > Maybe it's time we ship a config file? These different policy configs probably deserve it. What do others think? -- Aleksander https://aleksander.es _______________________________________________ ModemManager-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/modemmanager-devel
