From 853db0dbf065b1be266430255f0493dd7b824d78 Mon Sep 17 00:00:00 2001 From: borine <32966433+borine@users.noreply.github.com> Date: Fri, 8 Jul 2022 16:53:02 +0100 Subject: [PATCH] Set user for systemd services during configuration --- README.md | 5 ++--- configure.ac | 19 ++++++++++++++++++- misc/systemd/Makefile.am | 6 +++++- misc/systemd/bluealsa-aplay.service.in | 5 +++++ misc/systemd/bluealsa.service.in | 4 ++++ src/Makefile.am | 10 ++++++++++ src/{bluealsa.conf => bluealsa.conf.in} | 2 +- 7 files changed, 45 insertions(+), 6 deletions(-) rename src/{bluealsa.conf => bluealsa.conf.in} (94%) diff --git a/README.md b/README.md index eb4d56df3..c4c5599d6 100644 --- a/README.md +++ b/README.md @@ -205,9 +205,8 @@ wiki page. Additionally, the cause of the "PCM not found" error might be an incorrect ALSA PCM name. Run `bluealsa-aplay --list-pcms` for the list of currently available ALSA PCM names - it might give - you a hint what is wrong with your `.asoundrc` entry. Also, take a look at the "[Using the - bluealsa ALSA pcm plugin](https://github.com/Arkq/bluez-alsa/wiki/Using-the-bluealsa-ALSA-pcm-plugin)" - bluez-alsa wiki page. + you a hint what is wrong with your `.asoundrc` entry. Also, take a look at the + [bluealsa-plugins man page](./doc/bluealsa-plugins.7.rst). ## Resources diff --git a/configure.ac b/configure.ac index 4fc16c012..9632d74d8 100644 --- a/configure.ac +++ b/configure.ac @@ -229,7 +229,8 @@ AM_COND_IF([ENABLE_UPOWER], [ ]) AC_ARG_ENABLE([payloadcheck], - [AS_HELP_STRING([--disable-payloadcheck], [disable RTP payload type check (workaround for a PulseAudio bug)])]) + [AS_HELP_STRING([--disable-payloadcheck], [disable RTP payload type check (workaround + for PulseAudio < 13.0 bug)])]) AM_CONDITIONAL([ENABLE_PAYLOADCHECK], [test "x$enable_payloadcheck" != "xno"]) AM_COND_IF([ENABLE_PAYLOADCHECK], [ AC_DEFINE([ENABLE_PAYLOADCHECK], [1], [Define to 1 if PAYLOADCHECK is enabled.]) 
@@ -340,6 +341,22 @@ AC_ARG_WITH([systemdbluealsaaplayargs], [systemdbluealsaaplayargs=""]) AC_SUBST([SYSTEMD_BLUEALSA_APLAY_ARGS], [$systemdbluealsaaplayargs]) +AC_ARG_WITH([bluealsauser], + AS_HELP_STRING([--with-bluealsauser=USER], [set up installation to run bluealsa as user + USER, defaults to root if not specified. When used with bluez <= 5.50, USER must be a + member of the "bluetooth" group.]), + [bluealsauser="${withval}"], + [bluealsauser="root"]) +AC_SUBST([BLUEALSA_USER], [$bluealsauser]) + +AC_ARG_WITH([bluealsaaplayuser], + AS_HELP_STRING([--with-bluealsaaplayuser=USER], [set up installation to run bluealsa-aplay + as user USER, defaults to root if not specified. USER must be a member of the "audio" + group.]), + [bluealsaaplayuser="${withval}"], + [bluealsaaplayuser="root"]) +AC_SUBST([BLUEALSA_APLAY_USER], [$bluealsaaplayuser]) + AC_CONFIG_FILES([ Makefile doc/Makefile diff --git a/misc/systemd/Makefile.am b/misc/systemd/Makefile.am index 3a5ebd2ff..01243d6d3 100644 --- a/misc/systemd/Makefile.am +++ b/misc/systemd/Makefile.am @@ -3,6 +3,8 @@ systemdbluealsaargs = $(SYSTEMD_BLUEALSA_ARGS) systemdbluealsaaplayargs = $(SYSTEMD_BLUEALSA_APLAY_ARGS) +bluealsauser = $(BLUEALSA_USER) +bluealsaaplayuser = $(BLUEALSA_APLAY_USER) systemdsystemunitdir = $(SYSTEMD_SYSTEM_UNIT_DIR) @@ -16,7 +18,9 @@ MOSTLYCLEANFILES = $(dist_systemdsystemunit_DATA) SYSTEMD_SERVICE_SUBS = \ s,[@]bindir[@],$(bindir),g; \ s,[@]systemdbluealsaargs[@],$(systemdbluealsaargs),g; \ - s,[@]systemdbluealsaaplayargs[@],$(systemdbluealsaaplayargs),g; + s,[@]systemdbluealsaaplayargs[@],$(systemdbluealsaaplayargs),g; \ + s,[@]bluealsauser[@],$(bluealsauser),g; \ + s,[@]bluealsaaplayuser[@],$(bluealsaaplayuser),g; .in: $(SED) -e '$(SYSTEMD_SERVICE_SUBS)' < $< > $@ diff --git a/misc/systemd/bluealsa-aplay.service.in b/misc/systemd/bluealsa-aplay.service.in index f8792fc17..acd496ab6 100644 --- a/misc/systemd/bluealsa-aplay.service.in +++ b/misc/systemd/bluealsa-aplay.service.in 
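Review bot: Both new `AC_ARG_WITH` blocks accept `${withval}` as a user name without checking it, so `--with-bluealsauser` given without a value yields the user `yes` and `--without-bluealsauser` yields `no`. The value is then pasted into the `s,[@]bluealsauser[@],...,g` sed expressions in misc/systemd/Makefile.am and src/Makefile.am, and from there into the unit files and the D-Bus configuration, so it is better rejected at configure time than discovered as a unit that will not start. A guard in the action-if-given such as `AS_CASE(["$withval"], [yes|no|""], [AC_MSG_ERROR([--with-bluealsauser requires a user name])])` would cover it, and the same applies to `--with-bluealsaaplayuser`. Since the default stays `root`, the help strings could also recommend a dedicated unprivileged account.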
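Review bot: The `.in:` rule at the end of the second misc/systemd/Makefile.am hunk depends only on the template, so re-running configure with a different `--with-bluealsauser` leaves an already generated service file untouched and the old `User=` value is what gets installed. Now that `SYSTEMD_SERVICE_SUBS` decides which account the daemons run as, the generated units should also be rebuilt when the Makefile changes, for example `$(dist_systemdsystemunit_DATA): Makefile`. The `.conf.in.conf` rule added in src/Makefile.am has the same gap.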
@@ -15,6 +15,8 @@ Requisite=dbus.service [Service] Type=simple +User=@bluealsaaplayuser@ +Group=audio ExecStart=@bindir@/bluealsa-aplay @systemdbluealsaaplayargs@ Restart=on-failure @@ -28,13 +30,16 @@ MemoryDenyWriteExecute=true NoNewPrivileges=true PrivateTmp=true PrivateUsers=true +ProtectClock=true ProtectControlGroups=true ProtectHome=true ProtectHostname=true ProtectKernelLogs=true ProtectKernelModules=true ProtectKernelTunables=true +ProtectProc=invisible ProtectSystem=strict +RemoveIPC=true RestrictAddressFamilies=AF_UNIX RestrictNamespaces=true RestrictRealtime=true diff --git a/misc/systemd/bluealsa.service.in b/misc/systemd/bluealsa.service.in index d181d95f3..b4796bf2c 100644 --- a/misc/systemd/bluealsa.service.in +++ b/misc/systemd/bluealsa.service.in @@ -17,6 +17,7 @@ After=bluetooth.service [Service] Type=dbus BusName=org.bluealsa +User=@bluealsauser@ ExecStart=@bindir@/bluealsa @systemdbluealsaargs@ Restart=on-failure @@ -29,13 +30,16 @@ NoNewPrivileges=true PrivateDevices=true PrivateTmp=true PrivateUsers=true +ProtectClock=true ProtectControlGroups=true ProtectHome=true ProtectHostname=true ProtectKernelLogs=true ProtectKernelModules=true ProtectKernelTunables=true +ProtectProc=invisible ProtectSystem=strict +RemoveIPC=true RestrictAddressFamilies=AF_UNIX AF_BLUETOOTH RestrictNamespaces=true RestrictRealtime=true diff --git a/src/Makefile.am b/src/Makefile.am index 9f35a5e0a..459af6582 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -5,6 +5,7 @@ bin_PROGRAMS = bluealsa SUBDIRS = asound dbusconfdir = @DBUS_CONF_DIR@ +dbusbluealsauser = @BLUEALSA_USER@ dist_dbusconf_DATA = bluealsa.conf bluealsa_SOURCES = \ @@ -127,3 +128,12 @@ LDADD = \ @MPG123_LIBS@ \ @SBC_LIBS@ \ @SPANDSP_LIBS@ + +SUFFIXES = .conf.in .conf +MOSTLYCLEANFILES = $(dist_dbusconf_DATA) + +DBUSCONF_SUBS = \ + s,[@]bluealsauser[@],$(dbusbluealsauser),g; + +.conf.in.conf: + $(SED) -e '$(DBUSCONF_SUBS)' < $< > $@ 
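Review bot: `Group=audio` is hard-coded next to the configurable `User=@bluealsaaplayuser@` in the first bluealsa-aplay.service.in hunk, so the unit cannot start on a system that has no `audio` group. With the default user it also now runs root with primary group `audio` instead of root's own group. Consider making the group a configure substitution like the user, or dropping `Group=` and relying on the group membership that the `--with-bluealsaaplayuser` help text already requires. A comment above the two lines, e.g. `# account is set by --with-bluealsaaplayuser at configure time`, would tell an administrator where the value comes from.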
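Review bot: `RemoveIPC=true` in the second bluealsa-aplay.service.in hunk removes the System V and POSIX IPC objects owned by the unit's user and group when the unit stops. With `Group=audio` set earlier in the same file, that may also reach objects created by other `audio`-group processes (ALSA dmix configured with an `ipc_gid`, for instance), which is worth confirming against systemd.exec(5). It also makes a dedicated service account the safe choice for `--with-bluealsaaplayuser`, because an account shared with other software would presumably lose its IPC objects as well. `ProtectClock=` and `ProtectProc=` are understood only by newer systemd releases and are ignored with a warning on older ones, so a comment saying that would help. The same three directives are added to bluealsa.service.in.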
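Review bot: `dist_dbusconf_DATA = bluealsa.conf` is left unchanged in the first src/Makefile.am hunk although bluealsa.conf is now generated, so `make dist` would ship a file carrying the packager's `--with-bluealsauser` value, and nothing visible in this commit adds bluealsa.conf.in to the distribution. A build from such a tarball would then likely install a D-Bus configuration naming the wrong account, without regenerating it. Suggest `nodist_dbusconf_DATA = bluealsa.conf`, `EXTRA_DIST = bluealsa.conf.in` and `MOSTLYCLEANFILES = $(nodist_dbusconf_DATA)`. Whether `EXTRA_DIST` is already set elsewhere in the file cannot be seen from these hunks.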
diff --git a/src/bluealsa.conf b/src/bluealsa.conf.in similarity index 94% rename from src/bluealsa.conf rename to src/bluealsa.conf.in index e8a639deb..ba425ce6e 100644 --- a/src/bluealsa.conf +++ b/src/bluealsa.conf.in @@ -7,7 +7,7 @@ - +