summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2016-10-12 10:34:20 +0200
committerJosé Bollo <jose.bollo@iot.bzh>2016-10-14 13:09:51 +0200
commitfce7cd888063b5fffcde071914e717c7c914fa6e (patch)
tree5a6138cf9d06cb2db9c6bc49e481121020f290b5
parent970a20a55d3a7dba32360ce596e61a2b32c9f4ee (diff)
Refactor of service for systemd 229
Since introduction of ambient capabilities, systemd deprecated the use of Capabilities. With systemd 229 activated with krogoth, the use of Capabilities does nothing. This commits avoids to use SecureBits and Capabilities. It now relies on the fact that post installations are setting the capabilities to the file: - setcap cap_mac_override,cap_dac_override=ep afm-system-daemon - setcap cap_mac_override,cap_mac_admin,cap_setgid=ep afm-user-daemon Using p (permitted) instead of i (inherited) that was previously used. Change-Id: I17d51da07adf775d47a7f44551d8b8ebbc6eacb9 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--conf/afm-system-daemon.service2
-rw-r--r--conf/afm-user-daemon.service1
2 files changed, 1 insertions, 2 deletions
diff --git a/conf/afm-system-daemon.service b/conf/afm-system-daemon.service
index b14f417..77e1f1b 100644
--- a/conf/afm-system-daemon.service
+++ b/conf/afm-system-daemon.service
@@ -9,8 +9,6 @@ ExecStart=/usr/bin/afm-system-daemon
Restart=on-failure
RestartSec=5
CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_MAC_OVERRIDE
-SecureBits=keep-caps
-Capabilities=cap_dac_override,cap_mac_override=i
[Install]
WantedBy=multi-user.target
diff --git a/conf/afm-user-daemon.service b/conf/afm-user-daemon.service
index d418e8c..c77ef6e 100644
--- a/conf/afm-user-daemon.service
+++ b/conf/afm-user-daemon.service
@@ -5,6 +5,7 @@ Description=Application Framework Master, User side
Type=dbus
BusName=org.AGL.afm.user
ExecStart=/usr/bin/afm-user-daemon
+CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_MAC_ADMIN CAP_SETGID
Environment=LD_PRELOAD=/usr/lib/libEGL.so
Restart=on-failure
RestartSec=5