From bcd5334d789f61ac1f6b14de3f1f2febea27e06c Mon Sep 17 00:00:00 2001 From: José Bollo Date: Thu, 23 May 2019 18:06:38 +0200 Subject: lightmediascanner: change db directory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Lightmediascanner runs for one user and should not be able to look over the the shoulder of other users. So it should not run as root anymore. At the moment, lightmediascanner is a user daemon started in the user session by systemd, without capabilities but with the Smack label "System". To allow the service-mediascanner to access its database, the db must be set in a specific place with the User::App-shared label. Bug-AGL: SPEC-1016 Change-Id: Id4546e2567c4f5a0a5139d274d35d11e4879e42e Signed-off-by: José Bollo --- .../lightmediascanner/files/lightmediascanner.service | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'meta-agl-profile-core') diff --git a/meta-agl-profile-core/recipes-multimedia/lightmediascanner/files/lightmediascanner.service b/meta-agl-profile-core/recipes-multimedia/lightmediascanner/files/lightmediascanner.service index e53b24719..3b8a6d361 100644 --- a/meta-agl-profile-core/recipes-multimedia/lightmediascanner/files/lightmediascanner.service +++ b/meta-agl-profile-core/recipes-multimedia/lightmediascanner/files/lightmediascanner.service @@ -4,7 +4,8 @@ Description=Lightmediascanner (LMS) [Service] Type=dbus BusName=org.lightmediascanner -ExecStart=/usr/bin/lightmediascannerd --startup-scan --db-path=/tmp/%U/lightmediascannerd.db --directory=/media --directory=%h/Music --directory=%h/Videos +UMask=0077 +ExecStart=/usr/bin/lightmediascannerd --startup-scan --db-path=/run/user/%U/usrshr/lightmediascannerd.db --directory=/media --directory=%h/Music --directory=%h/Videos [Install] WantedBy=default.target -- cgit 1.2.3-korg