diff options
author | Ronan Le Martret <ronan.lemartret@iot.bzh> | 2017-04-19 16:16:03 +0200 |
---|---|---|
committer | Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2017-05-16 04:51:29 +0000 |
commit | 6ca247d19f2a0d7cc0cb1beb8d26c99e7fac337b (patch) | |
tree | 33f4ff8ea9e3134bede9ff19ea2d596e437d0209 /meta-app-framework | |
parent | 7c227f30c8437d2f5a7b95622d97a86149a716c8 (diff) |
Run weston with dedicated 'display' user and group
* Create a user/group display
* Allow weston to start without mandatory root user
* start weston-terminal for each user
Bug-AGL: SPEC-546
Change-Id: Id50acdbf5f7c07d5e0440575d42998b8819b5547
Signed-off-by: Ronan Le Martret <ronan.lemartret@iot.bzh>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/9135
Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
ci-image-build: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
ci-image-boot-test: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
Reviewed-by: Dominig ar Foll <dominig.arfoll@fridu.net>
Reviewed-by: José Bollo <jobol@nonadev.net>
Reviewed-by: Stéphane Desneux <stephane.desneux@iot.bzh>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Diffstat (limited to 'meta-app-framework')
10 files changed, 149 insertions, 16 deletions
diff --git a/meta-app-framework/recipes-config/agl-login-manager/agl-login-manager_0.1.bb b/meta-app-framework/recipes-config/agl-login-manager/agl-login-manager_0.1.bb new file mode 100644 index 000000000..c86838268 --- /dev/null +++ b/meta-app-framework/recipes-config/agl-login-manager/agl-login-manager_0.1.bb @@ -0,0 +1,47 @@ +SUMMARY = "AGL Login manager" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + +inherit agl-graphical + +SRC_URI += " \ + file://user-config.service \ + file://user-config.path \ + file://agl-user-session.pamd \ + file://agl-user-session@.service \ +" + +LOGIN_USER ??="agl-driver agl-passenger" + +do_install_append() { + + install -d ${D}${sysconfdir}/pam.d/ + install -m 0644 ${WORKDIR}/agl-user-session.pamd ${D}${sysconfdir}/pam.d/agl-user-session + + install -d ${D}${systemd_user_unitdir} + install -d ${D}${systemd_user_unitdir}/default.target.wants + install -m 0644 ${WORKDIR}/user-config.service ${D}${systemd_user_unitdir} + install -m 0644 ${WORKDIR}/user-config.path ${D}${systemd_user_unitdir} + + sed -e 's,@DISPLAY_XDG_RUNTIME_DIR@,${DISPLAY_XDG_RUNTIME_DIR},g' \ + -i ${D}${systemd_user_unitdir}/user-config.service + sed -e 's,@DISPLAY_XDG_RUNTIME_DIR@,${DISPLAY_XDG_RUNTIME_DIR},g' \ + -i ${D}${systemd_user_unitdir}/user-config.path + + ln -sf ${systemd_user_unitdir}/user-config.path ${D}${systemd_user_unitdir}/default.target.wants + + install -d ${D}${systemd_unitdir}/system/ + install -d ${D}${systemd_unitdir}/system/multi-user.target.wants/ + install -m 0644 ${WORKDIR}/agl-user-session@.service ${D}${systemd_unitdir}/system/ + + for AGL_USER in ${LOGIN_USER};do + ln -sf ${systemd_system_unitdir}/agl-user-session@.service ${D}${systemd_unitdir}/system/multi-user.target.wants/agl-user-session@${AGL_USER}.service; + done +} + +FILES_${PN} += "${sysconfdir}/pam.d/agl-user-session" +FILES_${PN} += "${systemd_user_unitdir}/*" +FILES_${PN} += "${libdir}/systemd/user/default.target.wants/*" +FILES_${PN} += "${systemd_unitdir}/system/agl-user-session@.service" +FILES_${PN} += "${systemd_unitdir}/system/multi-user.target.wants/*" diff --git a/meta-app-framework/recipes-config/agl-login-manager/files/agl-user-session.pamd b/meta-app-framework/recipes-config/agl-login-manager/files/agl-user-session.pamd new file mode 100644 index 000000000..462c3648b --- /dev/null +++ b/meta-app-framework/recipes-config/agl-login-manager/files/agl-user-session.pamd @@ -0,0 +1,3 @@ +account include common-account +session required pam_loginuid.so +session include common-session diff --git a/meta-app-framework/recipes-config/agl-login-manager/files/agl-user-session@.service b/meta-app-framework/recipes-config/agl-login-manager/files/agl-user-session@.service new file mode 100644 index 000000000..b128a40c8 --- /dev/null +++ b/meta-app-framework/recipes-config/agl-login-manager/files/agl-user-session@.service @@ -0,0 +1,18 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=User Manager for UID %i +After=systemd-user-sessions.service + +[Service] +User=%i +PAMName=agl-user-session +ExecStart=-/bin/sleep 2147483648 +KillMode=mixed +Delegate=yes +TasksMax=infinity diff --git a/meta-app-framework/recipes-config/agl-login-manager/files/user-config.path b/meta-app-framework/recipes-config/agl-login-manager/files/user-config.path new file mode 100644 index 000000000..07f61f646 --- /dev/null +++ b/meta-app-framework/recipes-config/agl-login-manager/files/user-config.path @@ -0,0 +1,8 @@ +[Unit] +Description=AGL user config unit path + +[Path] +PathExists=@DISPLAY_XDG_RUNTIME_DIR@/wayland-0 + +[Install] +WantedBy=default.target diff --git a/meta-app-framework/recipes-config/agl-login-manager/files/user-config.service b/meta-app-framework/recipes-config/agl-login-manager/files/user-config.service new file mode 100644 index 000000000..0bf37fb4b --- /dev/null +++ b/meta-app-framework/recipes-config/agl-login-manager/files/user-config.service @@ -0,0 +1,8 @@ +[Unit] +Description=AGL user config + +[Service] +ExecStart=/bin/ln -sf @DISPLAY_XDG_RUNTIME_DIR@/wayland-0 %t/ + +[Install] +WantedBy=default.target diff --git a/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb b/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb index 832c51c99..f98888d28 100644 --- a/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb +++ b/meta-app-framework/recipes-config/agl-users/agl-users_0.1.bb @@ -7,15 +7,14 @@ DESCRIPTION = "This is a core framework component that\ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" - -SRC_URI = "" - ALLOW_EMPTY_${PN} = "1" USERADD_PACKAGES = "${PN}" +GROUPADD_PARAM_${PN} = " --system display ; --system weston-launch" + USERADD_PARAM_${PN} = "\ - -g users -d /home/agl-driver -m -K PASS_MAX_DAYS=-1 agl-driver ; \ - -g users -d /home/agl-passenger -m -K PASS_MAX_DAYS=-1 agl-passenger \ + -g users -G display -d /home/agl-driver -m -K PASS_MAX_DAYS=-1 agl-driver ; \ + -g users -G display -d /home/agl-passenger -m -K PASS_MAX_DAYS=-1 agl-passenger ; \ + --gid display --groups weston-launch,video,input --home-dir /run/platform/display --shell /bin/false --comment \"Display daemon\" --key PASS_MAX_DAYS=-1 display \ " - diff --git a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb index 153be3acf..5cc574086 100644 --- a/meta-app-framework/recipes-core/af-main/af-main_1.0.bb +++ b/meta-app-framework/recipes-core/af-main/af-main_1.0.bb @@ -76,27 +76,37 @@ do_install_append_class-target() { } do_install_append_porter() { - echo "LD_PRELOAD=/usr/lib/libEGL.so" > ${D}${afm_confdir}/unit.env.d/preload-libEGL + echo "LD_PRELOAD=/usr/lib/libEGL.so" > ${D}${afm_confdir}/unit.env.d/preload-libEGL } pkg_postinst_${PN}() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - chgrp ${afm_name} $D${systemd_units_root}/{system,user}/{default.target.wants,.} + for SYS in "system" "user";do + for DEST in "default.target.wants" ".";do + chgrp ${afm_name} $D${systemd_units_root}/${SYS}/${DEST}; + done + done fi - chown ${afm_name}:${afm_name} $D${afm_datadir}/{applications,icons,.} + for DEST in "applications" "icons" ".";do + chown ${afm_name}:${afm_name} $D${afm_datadir}/${DEST}; + done setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon - setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } pkg_postinst_${PN}_smack() { if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then - chgrp ${afm_name} $D${systemd_units_root}/{system,user}/{default.target.wants,.} - chsmack -a 'System::Shared' -t $D${systemd_units_root}/{system,user}/{default.target.wants,.} + for SYS in "system" "user";do + for DEST in "default.target.wants" ".";do + chgrp ${afm_name} $D${systemd_units_root}/${SYS}/${DEST}; + chsmack -a 'System::Shared' -t $D${systemd_units_root}/${SYS}/${DEST}; + done + done fi - chown ${afm_name}:${afm_name} $D${afm_datadir}/{applications,icons,.} - chsmack -a 'System::Shared' -t $D${afm_datadir}/{applications,icons,.} + for DEST in "applications" "icons" ".";do + chown ${afm_name}:${afm_name} $D${afm_datadir}/${DEST}; + chsmack -a 'System::Shared' -t $D${afm_datadir}/${DEST}; + done setcap cap_mac_override,cap_dac_override=ep $D${bindir}/afm-system-daemon - setcap cap_mac_override,cap_mac_admin,cap_setgid=ep $D${bindir}/afm-user-daemon } FILES_${PN} += " ${systemd_units_root} " @@ -107,4 +117,3 @@ FILES_${PN}-binding-dbg = " ${afb_binding_dir}/.debug/afm-main-binding.so " PACKAGES =+ "${PN}-tools ${PN}-tools-dbg" FILES_${PN}-tools = "${bindir}/wgtpkg-*" FILES_${PN}-tools-dbg = "${bindir}/.debug/wgtpkg-*" - diff --git a/meta-app-framework/recipes-graphics/agl-desktop-config/agl-desktop-config_0.1.bb b/meta-app-framework/recipes-graphics/agl-desktop-config/agl-desktop-config_0.1.bb new file mode 100644 index 000000000..e0358d615 --- /dev/null +++ b/meta-app-framework/recipes-graphics/agl-desktop-config/agl-desktop-config_0.1.bb @@ -0,0 +1,21 @@ +SUMMARY = "AGL desktop config" + +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" + +SRC_URI += " \ + file://user-weston-term.service \ + file://user-weston-term.path \ +" + +do_install_append() { + install -d ${D}${systemd_user_unitdir} + install -m 0644 ${WORKDIR}/user-weston-term.service ${D}${systemd_user_unitdir} + install -m 0644 ${WORKDIR}/user-weston-term.path ${D}${systemd_user_unitdir} + + install -d ${D}${systemd_user_unitdir}/default.target.wants + ln -sf ${systemd_user_unitdir}/user-weston-term.path ${D}${libdir}/systemd/user/default.target.wants +} + +FILES_${PN} += "${systemd_user_unitdir}/*" +FILES_${PN} += "${systemd_user_unitdir}/default.target.wants/default.target.wants" diff --git a/meta-app-framework/recipes-graphics/agl-desktop-config/files/user-weston-term.path b/meta-app-framework/recipes-graphics/agl-desktop-config/files/user-weston-term.path new file mode 100644 index 000000000..9481840e5 --- /dev/null +++ b/meta-app-framework/recipes-graphics/agl-desktop-config/files/user-weston-term.path @@ -0,0 +1,8 @@ +[Unit] +Description=Terminal for weston user unit path + +[Path] +PathExists=%t/wayland-0 + +[Install] +WantedBy=default.target diff --git a/meta-app-framework/recipes-graphics/agl-desktop-config/files/user-weston-term.service b/meta-app-framework/recipes-graphics/agl-desktop-config/files/user-weston-term.service new file mode 100644 index 000000000..ad8b9583b --- /dev/null +++ b/meta-app-framework/recipes-graphics/agl-desktop-config/files/user-weston-term.service @@ -0,0 +1,12 @@ +[Unit] +Description=Terminal for weston user +After=user-config.service +Requires=user-config.service + +[Service] +Type=simple +ExecStart=/usr/bin/weston-terminal +Restart=always + +[Install] +WantedBy=multi-user.target |