summaryrefslogtreecommitdiffstats
path: root/meta-pipewire
diff options
context:
space:
mode:
Diffstat (limited to 'meta-pipewire')
-rw-r--r--meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service1
-rw-r--r--meta-pipewire/recipes-multimedia/pipewire/pipewire/smack-pipewire8
-rw-r--r--meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend12
3 files changed, 19 insertions, 2 deletions
diff --git a/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service b/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service
index 7ecdcc40..a603fdb3 100644
--- a/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service
+++ b/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service
@@ -15,6 +15,7 @@ Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/%i/bus
User=%i
Slice=user-%i.slice
+SmackProcessLabel=System::Pipewire
SupplementaryGroups=audio
UMask=0077
CapabilityBoundingSet=
diff --git a/meta-pipewire/recipes-multimedia/pipewire/pipewire/smack-pipewire b/meta-pipewire/recipes-multimedia/pipewire/pipewire/smack-pipewire
new file mode 100644
index 00000000..8d5b541f
--- /dev/null
+++ b/meta-pipewire/recipes-multimedia/pipewire/pipewire/smack-pipewire
@@ -0,0 +1,8 @@
+System System::Pipewire rwxa--
+System::Pipewire System -wx---
+System::Pipewire System::Shared r-x---
+System::Pipewire System::Run rwxat-
+System::Pipewire System::Log rwxa--
+System::Pipewire _ r-x--l
+System::Pipewire User::Home r-x--l
+System::Pipewire User::App-Shared rwxat-
diff --git a/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend b/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend
index 31253d03..8a0b0741 100644
--- a/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend
+++ b/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend
@@ -1,11 +1,12 @@
SRC_URI += "\
file://pipewire@.service \
file://pipewire@.socket \
+ file://smack-pipewire \
"
do_install_append() {
if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
- # remote the original user unit files shipped by pipewire
+ # remove the original user unit files shipped by pipewire
rm -rf ${D}${systemd_unitdir}
# install our own system-level templates
@@ -16,7 +17,14 @@ do_install_append() {
# enable the socket to start together with afm-user-session
mkdir -p ${D}${systemd_system_unitdir}/afm-user-session@.target.wants
ln -sf ../pipewire@.socket ${D}${systemd_system_unitdir}/afm-user-session@.target.wants/pipewire@.socket
+
+ # install smack rules
+ mkdir -p ${D}${sysconfdir}/smack/accesses.d
+ install -m 0644 ${WORKDIR}/smack-pipewire ${D}${sysconfdir}/smack/accesses.d/pipewire
fi
}
-FILES_${PN} += "${systemd_system_unitdir}/*"
+FILES_${PN} += "\
+ ${systemd_system_unitdir}/* \
+ ${sysconfdir}/smack/accesses.d/* \
+"