service: set User=root so that gio doesn't have to look into /etc/passwdlr/service-user

GVfs' libgvfsdbus.so GIo module, when automatically loaded, attempts to
discover if there's a session D-Bus instance to use. It tries real hard
to get the socket name it would use -- in absence of XDG_RUNTIME_DIR it
decides to make it up with user's home directory. When HOME is unset
too, it just tries to figure it out by looking into /etc/passwd. Which
upsets SELinux that would better not see us looking into it.

We trigger the load of the GIo modules, by using the GFile API to access
the the ports in /dev. They're utterly uesless to us, but there doesn't
seem to be a way to disable their load. Oh well.

For now, let's just ensure HOME is set and the problematic path in glib
is not taken.

1 files changed, 1 insertions, 0 deletions

diff --git a/data/ModemManager.service.in b/data/ModemManager.service.in
index 478677695..420d22b19 100644
--- a/data/ModemManager.service.in
+++ b/data/ModemManager.service.in
@@ -13,6 +13,7 @@ ProtectHome=true
 PrivateTmp=true
 RestrictAddressFamilies=AF_NETLINK AF_UNIX
 NoNewPrivileges=true
+User=root
 
 [Install]
 WantedBy=multi-user.target