In the systemd unit file of bluez-5.64, there is:
    ProtectSystem=full
    ReadWritePaths=/var/lib/bluetooth
The combination of these two options makes systemd bind mount /
recursively and read-only to /run/systemd/unit-root in a new mount
namespace, then bind mount /var/lib/bluetooth to
/run/systemd/unit-root/var/lib/bluetooth, then run bluez in the chroot
at /run/systemd/unit-root in the separate namespace.
This helps to reduce the potential damage if a bluez security
vulnerability is exposed. But, if /var/lib/bluetooth does not exist,
systemd will fail to bind mount it and complain:
    bluetooth.service: bluetooth.service: Failed to set up mount
    namespacing: /run/systemd/unit-root/var/lib/bluetooth: No such
    file or directory
As a simple workaround, just create this directory at installation. A
more elegant solution will be shipped in bluez-5.65:
https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=0905a06
Q: Why -m700?
A: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=edc69d2
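
The failure described in the commit message above can be caught before the service starts. This is an added example, not code from BLFS or BlueZ: the function name missing_rw_paths, its optional staging-root argument and the sample unit are assumptions, and quoted paths and drop-in files are not handled.

```shell
#!/bin/sh
# Added example (not from BLFS or BlueZ): list ReadWritePaths= entries of a
# unit file that do not exist, because systemd fails to set up the mount
# namespace when a required bind-mount source is missing.

# missing_rw_paths UNIT_FILE [ROOT]
#   ROOT is a hypothetical prefix for checking a staged install tree.
missing_rw_paths() {
    unit=$1
    root=${2:-}
    # Take the value of every ReadWritePaths= line, one path per line.
    sed -n 's/^[[:space:]]*ReadWritePaths=//p' "$unit" |
    tr -s '[:space:]' '\n' |
    while IFS= read -r p; do
        case $p in
            '')  continue ;;      # blank token, nothing to check
            -*)  continue ;;      # "-" prefix: systemd ignores it if missing
            +*)  p=${p#+} ;;      # "+" prefix: relative to the unit's root dir
        esac
        [ -e "$root$p" ] || printf '%s\n' "$p"
    done
}

# Constructed sample: the two options from the bluez-5.64 unit plus one
# optional ("-") path, checked against an empty staging tree.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[Service]' 'ProtectSystem=full' \
        'ReadWritePaths=/var/lib/bluetooth -/var/lib/optional' \
        > "$d/bluetooth.service"
    mkdir "$d/root"
    echo "missing before: $(missing_rw_paths "$d/bluetooth.service" "$d/root")"
    # The workaround from the message: create the directory, here with the
    # -m700 mode the Q/A refers to (install -d is an assumed way to do it).
    install -d -m700 "$d/root/var/lib/bluetooth"
    echo "missing after: $(missing_rw_paths "$d/bluetooth.service" "$d/root")"
    rm -rf "$d"
}
demo
```
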
I know it is somewhat useless, but I don't like them for
two reasons: first they cannot be seen, and I do not like things I
cannot see. Second, git highlights them, and this is disturbing...
Update to qpdf-10.2.0
Update to libgxps-0.3.2
Update to babl-0.1.86
Update to libqmi-1.28.2
Update to poppler-21.03.0
Update to URI-5.09 (Perl Module)
Update to gtksourceview4-4.8.1
Update to OpenSSH-8.5p1 (and ssh-askpass-8.5p1)
libwacom: Correct version number
libwacom: Add libwacom-show-stylus
bluez: Drop the patch
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24333 af4574ff-66df-0310-9fd7-8a98e5e911e0
In the process, some attributes in single quotes have been changed to double
quotes, and a few attribute lists have been written on one line instead of
several lines.
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24236 af4574ff-66df-0310-9fd7-8a98e5e911e0
Update to WebKitGTK+-2.30.5
Update to asciidoc-9.1.0
Update to xterm-366 (Security Update)
Fix a crash in bluez when using A2DP-based bluetooth devices
Belatedly mark Jinja2 as a security update
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24213 af4574ff-66df-0310-9fd7-8a98e5e911e0
Update to bluez-5.53.
Update to IO-Socket-SSL-2.067 (Perl module).
Update to Net-DNS-1.22 (Perl module).
Tag python modules and other misc files.
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22706 af4574ff-66df-0310-9fd7-8a98e5e911e0
Update to node.js-10.16.3.
Update to gtk-doc-1.32.
Tag qt5 and its dependencies.
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@21996 af4574ff-66df-0310-9fd7-8a98e5e911e0
Update to unrar-5.6.2.
Update to libidn-1.34.
Update to fuse-3.2.2.
Start obexd on bluez page.
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20058 af4574ff-66df-0310-9fd7-8a98e5e911e0
Update to gnumeric-1.12.38.
Update to feh-2.3.
Update to goffice-0.10.38.
Update to bluez-5.48.
Update to docbook-xsl-1.79.2.
Update to v4l-utils-1.14.1.
Update to whois-5.2.20.
git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@19632 af4574ff-66df-0310-9fd7-8a98e5e911e0