Hi Antonio, On Sun, Jun 1, 2025 at 9:24 PM Antonio Russo <aerusso@xxxxxxxxxxx> wrote: > > On 2025-05-31 12:17, Guido Günther wrote: > > > > Sounds good to me. The system users include users running the login > > managers which can have more components on e.g. mobile (for emergency > > calls, etc) but I don't think they'd need the mpris-proxy. > > > >> wonder how we can best move forward here, to have it then as well > >> resolved downstream. > > > > I *think* the patch needs a respin by Antonio and once applied we could > > cherry-pick to Debian? > > Here's an updated version of the patch with the @system condition. > > I do not know how to properly acknowledge Andrew Sayers, so please add > whatever trailer is appropriate for that. > > From eabbcf86ddfff98bf15b32e65c8d385d3e85f14c Mon Sep 17 00:00:00 2001 > From: Antonio Enrico Russo <aerusso@xxxxxxxxxxx> > Date: Sun, 1 Jun 2025 18:10:49 -0600 > Subject: [PATCH] Do not start mpris-proxy for system users > > A default installation of bluez results in the systemd user unit > mpris-proxy.service being started for all users---including root. > This unnecessarily exposes system users to any security > vulnerabilities in mpris-proxy. > > Inhibit this default behavior by using ConditionUser=!@system. > > Signed-off-by: Antonio Enrico Russo <aerusso@xxxxxxxxxxx> > --- > tools/mpris-proxy.service.in | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/tools/mpris-proxy.service.in b/tools/mpris-proxy.service.in > index c49d255..6ae56c6 100644 > --- a/tools/mpris-proxy.service.in > +++ b/tools/mpris-proxy.service.in > @@ -4,6 +4,7 @@ Documentation=man:mpris-proxy(1) > > Wants=dbus.socket > After=dbus.socket dbus.service > +ConditionUser=!@system > > [Service] > Type=simple > -- > 2.49.0 Can you send a proper patch with git format-patch + git send-email? Embedding it on another email don't seem to cut it for git am: Applying: Do not start mpris-proxy for root user error: corrupt patch at line 16 Patch failed at 0001 Do not start mpris-proxy for root user > -- Luiz Augusto von Dentz
