aboutsummaryrefslogtreecommitdiffstats
path: root/conf/unit
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2018-12-10 08:07:39 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2019-04-26 11:56:10 +0200
commitb4ca569c08a233114fb77106a8b4aa34d47ab54c (patch)
tree81c3eabfa32420243b5a99f4f6ef6e3b27d58c64 /conf/unit
parent26dd0f8f106d83d22ad054ffeadfff21ab0b1f36 (diff)
afm-unit: Restore removal of capabilities
This removes capabilities to any application installed and launched. Also fixes a tiny bug in setup of user environment. Bug-AGL: SPEC-2006 Change-Id: I2c0d85cc2c2d389247ad9ce728f4d9e8e3d74616 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'conf/unit')
-rw-r--r--conf/unit/afm-unit-debug.conf.in2
-rw-r--r--conf/unit/afm-unit.conf.in2
-rw-r--r--conf/unit/generate-unit-conf/service.inc2
3 files changed, 3 insertions, 3 deletions
diff --git a/conf/unit/afm-unit-debug.conf.in b/conf/unit/afm-unit-debug.conf.in
index 9821e9f..f09956d 100644
--- a/conf/unit/afm-unit-debug.conf.in
+++ b/conf/unit/afm-unit-debug.conf.in
@@ -139,7 +139,7 @@ SmackProcessLabel=User::App::{{:id}}
SuccessExitStatus=0 SIGKILL
User=%i
Slice=user-%i.slice
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
#AmbientCapabilities=
{{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}}
{{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}}
diff --git a/conf/unit/afm-unit.conf.in b/conf/unit/afm-unit.conf.in
index 9e95e11..1c14eb1 100644
--- a/conf/unit/afm-unit.conf.in
+++ b/conf/unit/afm-unit.conf.in
@@ -139,7 +139,7 @@ SmackProcessLabel=User::App::{{:id}}
SuccessExitStatus=0 SIGKILL
User=%i
Slice=user-%i.slice
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
#AmbientCapabilities=
{{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}}
{{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}}
diff --git a/conf/unit/generate-unit-conf/service.inc b/conf/unit/generate-unit-conf/service.inc
index fdafc5c..839533d 100644
--- a/conf/unit/generate-unit-conf/service.inc
+++ b/conf/unit/generate-unit-conf/service.inc
@@ -72,7 +72,7 @@ SuccessExitStatus=0 SIGKILL
User=%i
Slice=user-%i.slice
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
#AmbientCapabilities=
ON_PERM(:platform:no-oom, OOMScoreAdjust=-500)