pmaports/temp/iio-sensor-proxy/0008-data-iio-sensor-proxy.service.in-add-AF_QIPCRTR.patch

30 lines
1 KiB
Diff
Raw Normal View History

From c70950f1e33aba5c58c337e8dfb73d40efed5b5d Mon Sep 17 00:00:00 2001
From: Dylan Van Assche <me@dylanvanassche.be>
Date: Sat, 1 Jun 2024 21:15:15 +0200
Subject: [PATCH 8/8] data: iio-sensor-proxy.service.in: add AF_QIPCRTR
Allow AF_QIPCRTR in lockdown for libssc.
Libssc uses the QMI protocol over QRTR in the kernel.
Systemd limits the address families to UNIX, LOCAL, and NETLINK.
However, QRTR uses its own address family: AF_QIPCRTR.
Add it to the allowed families.
---
data/iio-sensor-proxy.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/iio-sensor-proxy.service.in b/data/iio-sensor-proxy.service.in
index 4bc921b..29ea3c0 100644
--- a/data/iio-sensor-proxy.service.in
+++ b/data/iio-sensor-proxy.service.in
@@ -14,6 +14,6 @@ ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
PrivateTmp=true
-RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
+RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK AF_QIPCRTR
MemoryDenyWriteExecute=true
RestrictRealtime=true
--
2.45.1