summaryrefslogtreecommitdiffstats
path: root/conf/unit/afm-unit-debug.conf.in
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2018-12-10 08:07:39 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2018-12-18 11:04:53 +0100
commitf2a2f1357a5268b614528feeba0a91f4ea04a7aa (patch)
tree1959128f2e3324dfcc61d52205118e6c21297b1d /conf/unit/afm-unit-debug.conf.in
parentf8b04951b4ccafdf28b875825edd46316fafb519 (diff)
afm-unit: Restore removal of capabilities
This removes capabilities to any application installed and launched. Also applications are added by default to the display group, meaning that it can be displayed. Bug-AGL: SPEC-2006 Change-Id: Ia0b2d0df3ec1c74f37ca176fc9f0e8db96de3566 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'conf/unit/afm-unit-debug.conf.in')
-rw-r--r--conf/unit/afm-unit-debug.conf.in5
1 files changed, 3 insertions, 2 deletions
diff --git a/conf/unit/afm-unit-debug.conf.in b/conf/unit/afm-unit-debug.conf.in
index 49eb826..6955fa2 100644
--- a/conf/unit/afm-unit-debug.conf.in
+++ b/conf/unit/afm-unit-debug.conf.in
@@ -137,12 +137,13 @@ SmackProcessLabel=User::App::{{:id}}
SuccessExitStatus=0 SIGKILL
User=%i
Slice=user-%i.slice
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
#AmbientCapabilities=
{{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}}
{{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}}
-{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}}
{{^required-permission.urn:AGL:permission::public:syscall:clock}}SystemCallFilter=~@clock{{/required-permission.urn:AGL:permission::public:syscall:clock}}
+#{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}}
+SupplementaryGroups=display
%nl
WorkingDirectory=-/home/%i/app-data/{{:id}}
ExecStartPre=/bin/mkdir -p /home/%i/app-data/{{:id}}