diff options
author | José Bollo <jose.bollo@iot.bzh> | 2016-10-12 10:34:20 +0200 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2016-10-14 13:09:51 +0200 |
commit | fce7cd888063b5fffcde071914e717c7c914fa6e (patch) | |
tree | 5a6138cf9d06cb2db9c6bc49e481121020f290b5 | |
parent | 970a20a55d3a7dba32360ce596e61a2b32c9f4ee (diff) |
Refactor of service for systemd 229
Since introduction of ambient capabilities,
systemd deprecated the use of Capabilities.
With systemd 229 activated with krogoth,
the use of Capabilities does nothing.
This commits avoids to use SecureBits and Capabilities.
It now relies on the fact that post installations are
setting the capabilities to the file:
- setcap cap_mac_override,cap_dac_override=ep afm-system-daemon
- setcap cap_mac_override,cap_mac_admin,cap_setgid=ep afm-user-daemon
Using p (permitted) instead of i (inherited) that was
previously used.
Change-Id: I17d51da07adf775d47a7f44551d8b8ebbc6eacb9
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r-- | conf/afm-system-daemon.service | 2 | ||||
-rw-r--r-- | conf/afm-user-daemon.service | 1 |
2 files changed, 1 insertions, 2 deletions
diff --git a/conf/afm-system-daemon.service b/conf/afm-system-daemon.service index b14f417..77e1f1b 100644 --- a/conf/afm-system-daemon.service +++ b/conf/afm-system-daemon.service @@ -9,8 +9,6 @@ ExecStart=/usr/bin/afm-system-daemon Restart=on-failure RestartSec=5 CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_MAC_OVERRIDE -SecureBits=keep-caps -Capabilities=cap_dac_override,cap_mac_override=i [Install] WantedBy=multi-user.target diff --git a/conf/afm-user-daemon.service b/conf/afm-user-daemon.service index d418e8c..c77ef6e 100644 --- a/conf/afm-user-daemon.service +++ b/conf/afm-user-daemon.service @@ -5,6 +5,7 @@ Description=Application Framework Master, User side Type=dbus BusName=org.AGL.afm.user ExecStart=/usr/bin/afm-user-daemon +CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_MAC_ADMIN CAP_SETGID Environment=LD_PRELOAD=/usr/lib/libEGL.so Restart=on-failure RestartSec=5 |