aboutsummaryrefslogtreecommitdiffstats
path: root/conf/unit
diff options
context:
space:
mode:
Diffstat (limited to 'conf/unit')
-rw-r--r--conf/unit/afm-unit-debug.conf.in9
-rw-r--r--conf/unit/afm-unit.conf.in9
-rw-r--r--conf/unit/generate-unit-conf/binder.inc8
-rw-r--r--conf/unit/generate-unit-conf/service.inc5
4 files changed, 17 insertions, 14 deletions
diff --git a/conf/unit/afm-unit-debug.conf.in b/conf/unit/afm-unit-debug.conf.in
index 7c74bc7..093975d 100644
--- a/conf/unit/afm-unit-debug.conf.in
+++ b/conf/unit/afm-unit-debug.conf.in
@@ -137,12 +137,13 @@ SmackProcessLabel=User::App::{{:id}}
SuccessExitStatus=0 SIGKILL
User=%i
Slice=user-%i.slice
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
#AmbientCapabilities=
{{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}}
{{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}}
-{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}}
{{^required-permission.urn:AGL:permission::public:syscall:clock}}SystemCallFilter=~@clock{{/required-permission.urn:AGL:permission::public:syscall:clock}}
+#{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}}
+SupplementaryGroups=display
%nl
WorkingDirectory=-/home/%i/app-data/{{:id}}
ExecStartPre=/bin/mkdir -p /home/%i/app-data/{{:id}}
@@ -167,7 +168,7 @@ StandardError=journal
;---- text/html application/vnd.agl.native application/vnd.agl.service ----
;---------------------------------------------------------------------------------
{{#content.type=text/html|application/vnd.agl.native|application/vnd.agl.service}}
-X-AFM-http-port={{:#metadata.http-port}}
+X-AFM-http-port={{:#metatarget.http-port}}
Type=notify
ExecStart=/usr/bin/afb-daemon \
--name afbd-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} \
@@ -176,7 +177,7 @@ ExecStart=/usr/bin/afb-daemon \
--verbose \
--verbose \
--monitoring \
- --port={{:#metadata.http-port}} \
+ --port={{:#metatarget.http-port}} \
--token=HELLO \
--roothttp={{#content.type=application/vnd.agl.service}}.{{/content.type=application/vnd.agl.service}}{{^content.type=application/vnd.agl.service}}{{#required-permission.urn:AGL:permission::public:no-htdocs}}.{{/required-permission.urn:AGL:permission::public:no-htdocs}}{{^required-permission.urn:AGL:permission::public:no-htdocs}}htdocs{{/required-permission.urn:AGL:permission::public:no-htdocs}}{{/content.type=application/vnd.agl.service}} \
{{#required-permission.urn:AGL:permission::public:applications:read}}--alias=/icons:{{:#metadata.icons-dir}}{{/required-permission.urn:AGL:permission::public:applications:read}} \
diff --git a/conf/unit/afm-unit.conf.in b/conf/unit/afm-unit.conf.in
index 8497821..8067840 100644
--- a/conf/unit/afm-unit.conf.in
+++ b/conf/unit/afm-unit.conf.in
@@ -137,12 +137,13 @@ SmackProcessLabel=User::App::{{:id}}
SuccessExitStatus=0 SIGKILL
User=%i
Slice=user-%i.slice
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
#AmbientCapabilities=
{{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}}
{{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}}
-{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}}
{{^required-permission.urn:AGL:permission::public:syscall:clock}}SystemCallFilter=~@clock{{/required-permission.urn:AGL:permission::public:syscall:clock}}
+#{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}}
+SupplementaryGroups=display
%nl
WorkingDirectory=-/home/%i/app-data/{{:id}}
ExecStartPre=/bin/mkdir -p /home/%i/app-data/{{:id}}
@@ -166,7 +167,7 @@ StandardError=journal
;---------------------------------------------------------------------------------
{{#content.type=text/html|application/vnd.agl.native|application/vnd.agl.service}}
{{^content.type=application/vnd.agl.service}}
-X-AFM--http-port={{:#metadata.http-port}}
+X-AFM--http-port={{:#metatarget.http-port}}
{{/content.type=application/vnd.agl.service}}
Type=notify
ExecStart=/usr/bin/afb-daemon \
@@ -176,7 +177,7 @@ ExecStart=/usr/bin/afb-daemon \
{{#content.type=application/vnd.agl.service}} \
--no-httpd \
{{/content.type=application/vnd.agl.service}}{{^content.type=application/vnd.agl.service}} \
- --port={{:#metadata.http-port}} \
+ --port={{:#metatarget.http-port}} \
--random-token \
--roothttp={{#required-permission.urn:AGL:permission::public:no-htdocs}}.{{/required-permission.urn:AGL:permission::public:no-htdocs}}{{^required-permission.urn:AGL:permission::public:no-htdocs}}htdocs{{/required-permission.urn:AGL:permission::public:no-htdocs}} \
{{/content.type=application/vnd.agl.service}} \
diff --git a/conf/unit/generate-unit-conf/binder.inc b/conf/unit/generate-unit-conf/binder.inc
index bc4608d..37643ad 100644
--- a/conf/unit/generate-unit-conf/binder.inc
+++ b/conf/unit/generate-unit-conf/binder.inc
@@ -1,10 +1,10 @@
dnl vim: set filetype=sysctl.conf.m4 syntax=sysctl.conf.m4:
IF_AGL_DEVEL
-X-AFM-http-port={{:#metadata.http-port}}
+X-AFM-http-port={{:#metatarget.http-port}}
ELSE
IF_NOT_CONTENT(application/vnd.agl.service)
-X-AFM--http-port={{:#metadata.http-port}}
+X-AFM--http-port={{:#metatarget.http-port}}
ENDIF
ENDIF
@@ -17,14 +17,14 @@ IF_AGL_DEVEL \
--verbose \
--verbose \
--monitoring \
- --port={{:#metadata.http-port}} \
+ --port={{:#metatarget.http-port}} \
--token=HELLO \
--roothttp=ON_CONTENT(application/vnd.agl.service, ., ON_PERM(:public:no-htdocs, ., htdocs)) \
ELSE \
IF_CONTENT(application/vnd.agl.service) \
--no-httpd \
ELSE \
- --port={{:#metadata.http-port}} \
+ --port={{:#metatarget.http-port}} \
--random-token \
--roothttp=ON_PERM(:public:no-htdocs, ., htdocs) \
ENDIF \
diff --git a/conf/unit/generate-unit-conf/service.inc b/conf/unit/generate-unit-conf/service.inc
index 961a262..59df916 100644
--- a/conf/unit/generate-unit-conf/service.inc
+++ b/conf/unit/generate-unit-conf/service.inc
@@ -70,13 +70,14 @@ SuccessExitStatus=0 SIGKILL
User=%i
Slice=user-%i.slice
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
#AmbientCapabilities=
ON_PERM(:platform:no-oom, OOMScoreAdjust=-500)
ON_PERM(:partner:real-time, IOSchedulingClass=realtime)
-ON_PERM(:public:display, SupplementaryGroups=display)
ON_PERM(:public:syscall:clock, , SystemCallFilter=~@clock)
+#ON_PERM(:public:display, SupplementaryGroups=display)
+SupplementaryGroups=display
%nl
WorkingDirectory=-APP_DATA_DIR/{{:id}}