diff options
| author |   José Bollo <jose.bollo@iot.bzh> | 2018-12-10 08:07:39 +0100 |
|---|---|---|
| committer | José Bollo <jose.bollo@iot.bzh> | 2019-04-26 11:56:10 +0200 |
| commit | b4ca569c08a233114fb77106a8b4aa34d47ab54c (patch) | |
| tree | 81c3eabfa32420243b5a99f4f6ef6e3b27d58c64 /conf | |
| parent | 26dd0f8f106d83d22ad054ffeadfff21ab0b1f36 (diff) | |
afm-unit: Restore removal of capabilities
This removes capabilities to any application installed
and launched.
Also fixes a tiny bug in setup of user environment.
Bug-AGL: SPEC-2006
Change-Id: I2c0d85cc2c2d389247ad9ce728f4d9e8e3d74616
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'conf')
| -rw-r--r-- | conf/system/afm-user-setup@.service | 2 | ||||
| -rw-r--r-- | conf/unit/afm-unit-debug.conf.in | 2 | ||||
| -rw-r--r-- | conf/unit/afm-unit.conf.in | 2 | ||||
| -rw-r--r-- | conf/unit/generate-unit-conf/service.inc | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/conf/system/afm-user-setup@.service b/conf/system/afm-user-setup@.service index cc5332b..f23dcd3 100644 --- a/conf/system/afm-user-setup@.service +++ b/conf/system/afm-user-setup@.service @@ -8,7 +8,7 @@ ExecStart=-/bin/sh -c "/bin/mkdir /run/user/%i; /bin/chown %i:%i /run/user/%i; / ExecStart=-/bin/sh -c "/bin/mkdir /run/user/%i/apis; /bin/chown %i:%i /run/user/%i/apis; /usr/bin/chsmack -a '*' /run/user/%i/apis" ExecStart=-/bin/sh -c "/bin/mkdir /run/user/%i/apis/ws; /bin/chown %i:%i /run/user/%i/apis/ws; /usr/bin/chsmack -a '*' /run/user/%i/apis/ws" ExecStart=-/bin/sh -c "/bin/mkdir /run/user/%i/apis/link; /bin/chown %i:%i /run/user/%i/apis/link; /usr/bin/chsmack -a '*' /run/user/%i/apis/link" -ExecStart=-/bin/sh -c "/bin/ln -sf /run/platform/display/wayland-0 /run/user/%i/wayland-0; /bin/chown %i:%i /run/user/%i/wayland-0; /usr/bin/chsmack -a '*' /run/user/%i/wayland-0" +ExecStart=-/bin/sh -c "/bin/ln -sf /run/platform/display/wayland-0 /run/user/%i/wayland-0; /bin/chown -h %i:%i /run/user/%i/wayland-0; /usr/bin/chsmack -a '*' /run/user/%i/wayland-0" diff --git a/conf/unit/afm-unit-debug.conf.in b/conf/unit/afm-unit-debug.conf.in index 9821e9f..f09956d 100644 --- a/conf/unit/afm-unit-debug.conf.in +++ b/conf/unit/afm-unit-debug.conf.in @@ -139,7 +139,7 @@ SmackProcessLabel=User::App::{{:id}} SuccessExitStatus=0 SIGKILL User=%i Slice=user-%i.slice -#CapabilityBoundingSet= +CapabilityBoundingSet= #AmbientCapabilities= {{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}} {{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}} diff --git a/conf/unit/afm-unit.conf.in b/conf/unit/afm-unit.conf.in index 9e95e11..1c14eb1 100644 --- a/conf/unit/afm-unit.conf.in +++ b/conf/unit/afm-unit.conf.in @@ -139,7 +139,7 @@ SmackProcessLabel=User::App::{{:id}} SuccessExitStatus=0 SIGKILL User=%i Slice=user-%i.slice -#CapabilityBoundingSet= +CapabilityBoundingSet= #AmbientCapabilities= {{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}} {{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}} diff --git a/conf/unit/generate-unit-conf/service.inc b/conf/unit/generate-unit-conf/service.inc index fdafc5c..839533d 100644 --- a/conf/unit/generate-unit-conf/service.inc +++ b/conf/unit/generate-unit-conf/service.inc @@ -72,7 +72,7 @@ SuccessExitStatus=0 SIGKILL User=%i Slice=user-%i.slice -#CapabilityBoundingSet= +CapabilityBoundingSet= #AmbientCapabilities= ON_PERM(:platform:no-oom, OOMScoreAdjust=-500) |