On Wed, 2018-04-11 at 10:15 +0200, Aleksander Morgado wrote: > On Wed, Apr 11, 2018 at 4:10 AM, Dan Williams <d...@redhat.com> > wrote: > > On Tue, 2018-04-10 at 15:08 +0200, Aleksander Morgado wrote: > > > Distributions wanting to use a different filter policy than the > > > DEFAULT one were advised to patch themselves the corresponding > > > init > > > files. > > > > > > We now allow doing this directly at configure time by using a new > > > `--with-filter-policy=[POLICY]' option that accepts one of > > > "default", > > > "strict", "paranoid" or "whitelist-only". > > > > > > The suggested policy for standard distributions is "strict". > > > --- > > > > > > Hey, > > > > > > Would this new configure switch be enough to avoid needing to > > > patch > > > the service file in each distribution? > > > > So this would mostly work, except that if a specific user wants to > > change their policy after install, they would now fail RPM > > verification > > because the systemd unit files are not config files. > > > > Ohhh right > > > What Fedora typically does here would be something like: > > > > EnvironmentFile=/etc/sysconfig/ModemManager > > Exec=/usr/sbin/ModemManager --filter-policy=$FILTER_POLICY > > > > and then install an /etc/sysconfig/ModemManager with: > > > > FILTER_POLICY=strict > > > > and mark /etc/sysconfig/ModemManager as %config in the RPM. > > > > That allows the user to change the policy from the distro default > > via > > /etc/sysconfig/ModemManager and still maintain package integrity > > with > > "rpm -V". > > > > Obviously this doesn't work for the D-Bus service file, but I guess > > we > > could have a wrapper script that sources the env file and then runs > > MM > > with the right parameters. > > > > Or, for a distro-independent solution, a real config file... > > > > Maybe it's time we ship a config file? These different policy configs > probably deserve it. > What do others think?
Yeah, we probably should just do this. Dan _______________________________________________ ModemManager-devel mailing list ModemManager-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/modemmanager-devel