Merge pull request #138969 from andresilva/ledger-live-fix-libudev
This commit is contained in:
commit
286e1b5c1c
2 changed files with 29 additions and 2 deletions
|
@ -1,4 +1,4 @@
|
|||
{ lib, fetchurl, appimageTools, imagemagick }:
|
||||
{ lib, fetchurl, appimageTools, imagemagick, systemd }:
|
||||
|
||||
let
|
||||
pname = "ledger-live-desktop";
|
||||
|
@ -13,9 +13,22 @@ let
|
|||
appimageContents = appimageTools.extractType2 {
|
||||
inherit name src;
|
||||
};
|
||||
in appimageTools.wrapType2 rec {
|
||||
|
||||
# Hotplug events from udevd are fired into the kernel, which then re-broadcasts them over a
|
||||
# special socket, to every libudev client listening for hotplug when the kernel does that. It will
|
||||
# try to preserve the uid of the sender but a non-root namespace (like the fhs-env) cant map root
|
||||
# to a uid, for security reasons, so the uid of the sender becomes nobody and libudev actively
|
||||
# rejects such messages. This patch disables that bit of security in libudev.
|
||||
# See: https://github.com/NixOS/nixpkgs/issues/116361
|
||||
systemdPatched = systemd.overrideAttrs ({ patches ? [ ], ... }: {
|
||||
patches = patches ++ [ ./systemd.patch ];
|
||||
});
|
||||
in
|
||||
appimageTools.wrapType2 rec {
|
||||
inherit name src;
|
||||
|
||||
extraPkgs = pkgs: [ systemdPatched ];
|
||||
|
||||
extraInstallCommands = ''
|
||||
mv $out/bin/${name} $out/bin/${pname}
|
||||
install -m 444 -D ${appimageContents}/ledger-live-desktop.desktop $out/share/applications/ledger-live-desktop.desktop
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c
|
||||
index fd5900704d..f9106fdbe5 100644
|
||||
--- a/src/libsystemd/sd-device/device-monitor.c
|
||||
+++ b/src/libsystemd/sd-device/device-monitor.c
|
||||
@@ -445,9 +445,6 @@ int device_monitor_receive_device(sd_device_monitor *m, sd_device **ret) {
|
||||
"sd-device-monitor: No sender credentials received, message ignored.");
|
||||
|
||||
cred = (struct ucred*) CMSG_DATA(cmsg);
|
||||
- if (cred->uid != 0)
|
||||
- return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
|
||||
- "sd-device-monitor: Sender uid="UID_FMT", message ignored.", cred->uid);
|
||||
|
||||
if (streq(buf.raw, "libudev")) {
|
||||
/* udev message needs proper version magic */
|
Loading…
Reference in a new issue