Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tweak systemd unit definition #190

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Tweak systemd unit definition #190

wants to merge 3 commits into from

Conversation

sftim
Copy link
Contributor

@sftim sftim commented Feb 6, 2022

ℹ️ UNTESTED

These changes ought to make the systemd unit automatically restart (see #183), and run with extra security restrictions.
I haven't tried them though. Nonetheless I hope the PR is useful. Anyone who wants to is welcome to test this out and report back.

@sftim
Set webcam service to autoheal
01a3679 
Configure the unit to restart whenever the gadget process stops.
@sftim
Tidy description for uvc-webcam service
34feb97 
The revised description describes the unit declaratively, rather than
the edge action (starting the service).
@sftim
Add security restrictions
c8c1220 
Configure systemd not to allow the webcam to make any network access,
and impose other restrictions.
@dgsiegel
Copy link
Contributor

dgsiegel commented Feb 6, 2022

Looks good! We might even make use of more systemd capabilites. Looking at start-webcam.sh, it could be easily replaces as it does three things:

  1. Check if both /dev/video0 and /dev/video1 exist. Could be replaced with ConditionPathExists
  2. Applying config. Could be a small shell script run with ExecStartPre
  3. Running the actual uvc-gadet. Could be run with ExecStart

@dgsiegel
Copy link
Contributor

@sftim wanna check these three things out?

@sftim
Copy link
Contributor Author

sftim commented Feb 16, 2022

I'm not going to have any time to move this PR forward with extra changes, at least not for the foreseeable. Sorry about that.
I'm happy if someone wants to open a new PR that takes my 3 commits and adds some more, or to start from scratch.

@sftim sftim closed this Feb 16, 2022
@sftim
Copy link
Contributor Author

sftim commented Feb 16, 2022

Whoops.

@sftim sftim reopened this Feb 16, 2022
@sftim
Copy link
Contributor Author

sftim commented Jan 4, 2024

Even if this isn't perfect, perhaps it's OK to merge as-is? The key thing would be to verify it actually works.

@dgsiegel
Copy link
Contributor

dgsiegel commented Jan 4, 2024
edited

Even if this isn't perfect, perhaps it's OK to merge as-is? The key thing would be to verify it actually works.

I'd rather not merge something that wasn't verified. But you can easily use the Github Action to build your images and try those. Also you could replace squashfs with ext4 in your build, to test without having to build a new image every time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@sftim @dgsiegel