From 46cfe8f50db6d15a00384cc422f1f9d068207238 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Sun, 28 Mar 2021 13:00:49 +0200
Subject: [PATCH] units: make locale directory writable for systemd-localed

With 8f20232fcb52dbe6255f3df6101fc057af90bcfa systemd-localed supports
generating locales when required. This fails if the locale directory is
read-only, so make it writable.

Closes #19138
---
 meson.build                      | 3 +++
 units/systemd-localed.service.in | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/meson.build b/meson.build
index f41a811e2e..6a474afdac 100644
--- a/meson.build
+++ b/meson.build
@@ -857,10 +857,13 @@ conf.set_quoted('SYSTEMD_DEFAULT_LOCALE', default_locale)
 
 localegen_path = get_option('localegen-path')
 have = false
+writable = ''
 if localegen_path != ''
         conf.set_quoted('LOCALEGEN_PATH', localegen_path)
         have = true
+        writable = ' /usr/lib/locale'
 endif
+substs.set('SERVICE_LOCALEGEN_WRITABLE', writable)
 conf.set10('HAVE_LOCALEGEN', have)
 
 conf.set_quoted('GETTEXT_PACKAGE', meson.project_name())
diff --git a/units/systemd-localed.service.in b/units/systemd-localed.service.in
index 652b956a34..e60a173591 100644
--- a/units/systemd-localed.service.in
+++ b/units/systemd-localed.service.in
@@ -33,7 +33,7 @@ ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectSystem=strict
-ReadWritePaths=/etc
+ReadWritePaths=/etc@SERVICE_LOCALEGEN_WRITABLE@
 RestrictAddressFamilies=AF_UNIX
 RestrictNamespaces=yes
 RestrictRealtime=yes