diff options
| author |   José Bollo <jose.bollo@iot.bzh> | 2017-05-02 18:13:23 +0200 |
|---|---|---|
| committer | José Bollo <jose.bollo@iot.bzh> | 2017-11-24 17:44:57 +0100 |
| commit | 5d7e7dc483a98a31323079953f548648a2c53cda (patch) | |
| tree | 944127327ef8f32a1ca4623145a9aa7fe0b316da /conf/afm-unit.conf.in | |
| parent | b2cddbdc1ca61339330014092854ac33e0d9fb99 (diff) | |
Start user units at the system level
When service name end with @ it means that the user
UID must be provided.
Change-Id: I6707df0151b7cab985cfc53a81fccf6a7150c9a3
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'conf/afm-unit.conf.in')
| -rw-r--r-- | conf/afm-unit.conf.in | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/conf/afm-unit.conf.in b/conf/afm-unit.conf.in index 7bd8581..0432ee3 100644 --- a/conf/afm-unit.conf.in +++ b/conf/afm-unit.conf.in @@ -117,8 +117,8 @@ ConditionSecurity=smack # Automatic bound to required api {{#required-api}} {{#value=auto|ws}} -BindsTo=afm-api-ws-{{name}}.socket -After=afm-api-ws-{{name}}.socket +BindsTo=afm-api-ws-{{name}}@%i.socket +After=afm-api-ws-{{name}}@%i.socket {{/value=auto|ws}} {{/required-api}} %nl @@ -128,6 +128,9 @@ EnvironmentFile=-@afm_confdir@/unit.env.d/* SmackProcessLabel=User::App::{{:id}} SuccessExitStatus=0 SIGKILL +PAMName=su +User=%i + {{#required-permission}} {{#urn:AGL:permission::platform:no-oom}} OOMScoreAdjust=-500 {{/urn:AGL:permission::platform:no-oom}} {{#urn:AGL:permission::partner:real-time}} IOSchedulingClass=realtime {{/urn:AGL:permission::partner:real-time}} @@ -142,12 +145,12 @@ ExecStartPre=/bin/mkdir -p {{&#metadata.app-data-dir}}/{{:id}} Environment=AFM_APP_INSTALL_DIR={{:#metadata.install-dir}} Environment=PATH=/usr/sbin:/usr/bin:/sbin:/bin:{{:#metadata.install-dir}} -%systemd-unit user +%systemd-unit system {{#required-permission.urn:AGL:permission::public:hidden}}\ -%systemd-unit service afm-service-{{:id}}--{{:ver}}--{{:#target}} +%systemd-unit service afm-service-{{:id}}--{{:ver}}--{{:#target}}@ {{/required-permission.urn:AGL:permission::public:hidden}}\ {{^required-permission.urn:AGL:permission::public:hidden}}\ -%systemd-unit service afm-appli-{{:id}}--{{:ver}}--{{:#target}} +%systemd-unit service afm-appli-{{:id}}--{{:ver}}--{{:#target}}@ {{/required-permission.urn:AGL:permission::public:hidden}}\ Environment=LD_LIBRARY_PATH=$ORIGIN/lib @@ -265,8 +268,8 @@ WantedBy=default.target # auto generated by wgtpkg-unit for {{:id}} version {{:version}} target {{:#target}} of {{:idaver}} # -%systemd-unit user -%systemd-unit socket afm-api-ws-{{name}} +%systemd-unit system +%systemd-unit socket afm-api-ws-{{name}}@ [Socket] SmackLabel=* @@ -274,10 +277,10 @@ ListenStream=%t/apis/ws/{{name}} FileDescriptorName={{name}} {{#required-permission.urn:AGL:permission::public:hidden}}\ -Service=afm-service-{{:id}}--{{:ver}}--{{:#target}}.service +Service=afm-service-{{:id}}--{{:ver}}--{{:#target}}@%i.service {{/required-permission.urn:AGL:permission::public:hidden}}\ {{^required-permission.urn:AGL:permission::public:hidden}}\ -Service=afm-appli-{{:id}}--{{:ver}}--{{:#target}}.service +Service=afm-appli-{{:id}}--{{:ver}}--{{:#target}}@%i.service {{/required-permission.urn:AGL:permission::public:hidden}}\ ;--------------------------------------------------------------------------------- |