summaryrefslogtreecommitdiffstats
path: root/meta-agl-core/files/passwd
AgeCommit message (Collapse)AuthorFilesLines
2022-11-10meta-app-framework: applaunchd: run under a separate userDenys Dmytriyenko1-0/+1
Since applaunchd needs to start/stop systemd units, the user is granted elevated systemd unit-management permissions via PolKit policy. If applaunchd and all the apps run under the same agl-driver user, all the apps have these elevated systemd permissions too. Separating them into different users allows removing elevated systemd unit-management permission from individual apps, but leaving such permission for applaunchd, which enhances overall security of the system. - add new applaunchd user and group - switch applaunchd (gRPC) service to be started under new user - since HTML5 apps haven't migrated to gRPC yet and still use D-Bus API, applaunchd-dbus gets activated by agl-session and runs under agl-driver - temporarily add agl-driver user into the applaunchd group and switch PolKit policy to check for applaunchd group, instead of the user - once D-Bus API is completely deprecated, agl-driver user can be removed from applaunchd group Bug-AGL: SPEC-4579 Signed-off-by: Denys Dmytriyenko <denys@konsulko.com> Change-Id: I75384177578bba6cb458a81df6a9dc1738c972e0 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28039 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> (cherry picked from commit 924b71fb656fec0925726174f65676ef6a8a9329) Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/28137
2022-05-30meta-agl-core: add kuksa user and groupScott Murray1-0/+1
Add a kuksa user and group to the static passwd and group files to facilitate running the KUKSA.val Vehicle Information Service (VIS) server as non-root and control access to some of its configuration files. Bug-AGL: SPEC-4405 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: I199d79df42a6e5ea032ccfa084a1d38625b508f0 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27557 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> (cherry picked from commit 9363f1c67fe97a0c47cf44985ce0fb7f879bf7ac) Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/27538
2021-11-04meta-agl-core: Update weston/agl-compositor initScott Murray1-1/+1
Changes/rework to get weston and agl-compositor starting again: - Since an upgrade to a newer Yocto release is in the near future, update weston-init and associated files to effectively backport the new weston startup behavior added in 3.3/Hardknott as our new base. The changes mean weston or agl-compositor will by default start as a "weston" user that replaces the "display" user that had been added previously in AGL. The goal is that any new work done on top of this base should hopefully work on 3.5/Kirkstone without further substantial rework. - Add new agl-compositor-init recipe that replaces the previous weston-init bbappend in meta-agl-demo. Having it as a separate recipe in core so weston or agl-compositor "just work" in simple test images seems like a better approach. - As part of the above, drop the --log option to agl-compositor in its command-line to address SPEC-4112. - Add SYSTEMD_DEFAULT_TARGET definition to agl-image-weston and in a new core-image-weston bbappend to result in agl-compositor and weston starting automatically in the corresponding images. This is required with the new weston-init behavior until we upgrade past 3.3/Hardknott, when "weston" in IMAGE_FEATURES can be used instead. Bug-AGL: SPEC-4121, SPEC-4112 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ia64894416846569abf8e744006ef26637279a895 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26782 Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2021-04-26meta-pipewire: update to pipewire 0.3.25 and wireplumber masterGeorge Kiagiadakis1-0/+1
Bug-AGL: SPEC-3844 Change-Id: Ie32bfa43bf078c7d218d3150dc616501b8848bd0 Signed-off-by: George Kiagiadakis <george.kiagiadakis@collabora.com> Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/26094 Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Tested-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
2020-12-17SPEC-3723: restructure meta-aglJan-Simon Moeller1-0/+62
Goal is to reach a minimal meta-agl-core as base for IVI and IC work at the same time. Trim dependencies and move most 'demo' related recipes to meta-agl-demo. v2: changed to bbapend + .inc , added description v3: testbuild of all images v4: restore -test packagegroup and -qa images, compare manifests and adapt packagegroups. v5: rebased v6: merged meta-agl-distro into meta-agl-core, due to dependency on meta-oe, moved -test packagegroup and -qa images to own layer meta-agl-core-test v7: Fixed comments from Paul Barker v8: Update the markdown files v9: restore wayland/weston/agl-compositor recipes/appends, reworked to move app f/w specific changes to bbappends in meta-app-framework and only demo specific weston-init changes to meta-agl-demo v10: fix s/agldemo/aglcore/ missed in weston-init.bbappend Description: This patch is part 1 out of 2 large patches that implement the layer rework discussed during the previous workshop. Essentially meta-agl-core is the small but versatile new core layer of AGL serving as basis for the work done by the IC and IVI EGs. All demo related work is moved to meta-agl-demo in the 2nd patchset. This should be applied together as atomic change. The resulting meta-agl/* follows these guidelines: - only bsp adaptations in meta-agl-bsp - remove the agl-profile-* layers for simplicity -- the packagegroup-agl(-profile)-graphical and so on have been kept in meta-agl-demo - meta-agl-profile-core is now meta-agl-core - meta-agl-core does pass yocto-check-layer -- therefore use the bbappend + conditional + .inc file construct found in meta-virtualization - meta-agl/meta-security has been merged into meta-agl/meta-app-framework - meta-netboot does pass yocto-check-layer - meta-pipewire does pass yocto-check-layer Migration: All packagegroups are preserved but they're now enabled by 'agl-demo'. Bug-AGL: SPEC-3723 Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org> Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ia6c6e5e6ce2b4ffa69ea94959cdc57c310ba7c53 Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/25769