diff options
3 files changed, 19 insertions, 2 deletions
diff --git a/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service b/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service index 7ecdcc40..a603fdb3 100644 --- a/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service +++ b/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service @@ -15,6 +15,7 @@ Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/%i/bus User=%i Slice=user-%i.slice +SmackProcessLabel=System::Pipewire SupplementaryGroups=audio UMask=0077 CapabilityBoundingSet= diff --git a/meta-pipewire/recipes-multimedia/pipewire/pipewire/smack-pipewire b/meta-pipewire/recipes-multimedia/pipewire/pipewire/smack-pipewire new file mode 100644 index 00000000..8d5b541f --- /dev/null +++ b/meta-pipewire/recipes-multimedia/pipewire/pipewire/smack-pipewire @@ -0,0 +1,8 @@ +System System::Pipewire rwxa-- +System::Pipewire System -wx--- +System::Pipewire System::Shared r-x--- +System::Pipewire System::Run rwxat- +System::Pipewire System::Log rwxa-- +System::Pipewire _ r-x--l +System::Pipewire User::Home r-x--l +System::Pipewire User::App-Shared rwxat- diff --git a/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend b/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend index 31253d03..8a0b0741 100644 --- a/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend +++ b/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend @@ -1,11 +1,12 @@ SRC_URI += "\ file://pipewire@.service \ file://pipewire@.socket \ + file://smack-pipewire \ " do_install_append() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - # remote the original user unit files shipped by pipewire + # remove the original user unit files shipped by pipewire rm -rf ${D}${systemd_unitdir} # install our own system-level templates @@ -16,7 +17,14 @@ do_install_append() { # enable the socket to start together with afm-user-session mkdir -p ${D}${systemd_system_unitdir}/afm-user-session@.target.wants ln -sf ../pipewire@.socket ${D}${systemd_system_unitdir}/afm-user-session@.target.wants/pipewire@.socket + + # install smack rules + mkdir -p ${D}${sysconfdir}/smack/accesses.d + install -m 0644 ${WORKDIR}/smack-pipewire ${D}${sysconfdir}/smack/accesses.d/pipewire fi } -FILES_${PN} += "${systemd_system_unitdir}/*" +FILES_${PN} += "\ + ${systemd_system_unitdir}/* \ + ${sysconfdir}/smack/accesses.d/* \ +" |