From 6d83f1e291e2b2b0b87958844219a4bcb6649252 Mon Sep 17 00:00:00 2001 From: George Kiagiadakis Date: Fri, 21 Jun 2019 20:02:53 +0300 Subject: pipewire: switch system-wide template systemd service & socket files This allows granting pipewire additional permissions, most notably the permission to access the alsa devices (SupplementaryGroups=audio) and therefore fixes pipewire for the "running as non-root" setup Bug-AGL: SPEC-2554 Change-Id: Ie9192a7f42f4929f70114ddc39a23d94f9ba84fc Signed-off-by: George Kiagiadakis --- .../pipewire/pipewire/pipewire@.service | 22 +++++++++++++++++++++ .../pipewire/pipewire/pipewire@.socket | 19 ++++++++++++++++++ .../pipewire/pipewire_git.bbappend | 23 ++++++++++++++++------ 3 files changed, 58 insertions(+), 6 deletions(-) create mode 100644 meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service create mode 100644 meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.socket (limited to 'meta-pipewire/recipes-multimedia') diff --git a/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service b/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service new file mode 100644 index 00000000..7ecdcc40 --- /dev/null +++ b/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.service @@ -0,0 +1,22 @@ +[Unit] +Description=Multimedia Service for user %i +Requires=pipewire@%i.socket + +[Install] +Also=pipewire@%i.socket + +[Service] +Type=simple +Restart=on-failure +ExecStart=/usr/bin/pipewire + +Environment=XDG_RUNTIME_DIR=/run/user/%i +Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/%i/bus + +User=%i +Slice=user-%i.slice +SupplementaryGroups=audio +UMask=0077 +CapabilityBoundingSet= +SystemCallFilter=@basic-io @file-system @io-event @ipc \ + @memlock @network-io @process @resources @signal diff --git a/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.socket b/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.socket new file mode 100644 index 00000000..10cb3227 --- /dev/null +++ b/meta-pipewire/recipes-multimedia/pipewire/pipewire/pipewire@.socket @@ -0,0 +1,19 @@ +[Unit] +Description=Multimedia Service socket for user %i +Requires=afm-user-setup@%i.service +After=afm-user-setup@%i.service + +[Socket] +Priority=6 +Backlog=5 +ListenStream=/run/user/%i/pipewire-0 +Service=pipewire@%i.service +SmackLabel=* +SmackLabelIPIn=System +SmackLabelIPOut=System +SocketUser=%i +SocketGroup=%i +SocketMode=0660 + +[Install] +WantedBy=afm-user-session@%i.target diff --git a/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend b/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend index 06b969a6..31253d03 100644 --- a/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend +++ b/meta-pipewire/recipes-multimedia/pipewire/pipewire_git.bbappend @@ -1,11 +1,22 @@ +SRC_URI += "\ + file://pipewire@.service \ + file://pipewire@.socket \ + " + do_install_append() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - # Execute these manually on behalf of systemctl script (from systemd-systemctl-native.bb) - # because it does not support systemd's user mode. - mkdir -p ${D}${sysconfdir}/systemd/user/sockets.target.wants/ - ln -sf ${systemd_user_unitdir}/pipewire.socket ${D}${sysconfdir}/systemd/user/sockets.target.wants/pipewire.socket + # remote the original user unit files shipped by pipewire + rm -rf ${D}${systemd_unitdir} + + # install our own system-level templates + mkdir -p ${D}${systemd_system_unitdir}/ + install -m 0644 ${WORKDIR}/pipewire@.service ${D}${systemd_system_unitdir}/pipewire@.service + install -m 0644 ${WORKDIR}/pipewire@.socket ${D}${systemd_system_unitdir}/pipewire@.socket + + # enable the socket to start together with afm-user-session + mkdir -p ${D}${systemd_system_unitdir}/afm-user-session@.target.wants + ln -sf ../pipewire@.socket ${D}${systemd_system_unitdir}/afm-user-session@.target.wants/pipewire@.socket fi } -FILES_${PN} += "${sysconfdir}/systemd/user/" - +FILES_${PN} += "${systemd_system_unitdir}/*" -- cgit 1.2.3-korg