diff options
Diffstat (limited to 'conf')
-rw-r--r-- | conf/unit/afm-unit-debug.conf.in | 9 | ||||
-rw-r--r-- | conf/unit/afm-unit.conf.in | 9 | ||||
-rw-r--r-- | conf/unit/generate-unit-conf/binder.inc | 8 | ||||
-rw-r--r-- | conf/unit/generate-unit-conf/service.inc | 5 |
4 files changed, 17 insertions, 14 deletions
diff --git a/conf/unit/afm-unit-debug.conf.in b/conf/unit/afm-unit-debug.conf.in index 582e723..6955fa2 100644 --- a/conf/unit/afm-unit-debug.conf.in +++ b/conf/unit/afm-unit-debug.conf.in @@ -137,12 +137,13 @@ SmackProcessLabel=User::App::{{:id}} SuccessExitStatus=0 SIGKILL User=%i Slice=user-%i.slice -#CapabilityBoundingSet= +CapabilityBoundingSet= #AmbientCapabilities= {{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}} {{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}} -{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}} {{^required-permission.urn:AGL:permission::public:syscall:clock}}SystemCallFilter=~@clock{{/required-permission.urn:AGL:permission::public:syscall:clock}} +#{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}} +SupplementaryGroups=display %nl WorkingDirectory=-/home/%i/app-data/{{:id}} ExecStartPre=/bin/mkdir -p /home/%i/app-data/{{:id}} @@ -167,7 +168,7 @@ StandardError=journal ;---- text/html application/vnd.agl.native application/vnd.agl.service ---- ;--------------------------------------------------------------------------------- {{#content.type=text/html|application/vnd.agl.native|application/vnd.agl.service}} -X-AFM-http-port={{:#metadata.http-port}} +X-AFM-http-port={{:#metatarget.http-port}} Type=notify ExecStart=/usr/bin/afb-daemon \ --name afbd-{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}} \ @@ -176,7 +177,7 @@ ExecStart=/usr/bin/afb-daemon \ --verbose \ --verbose \ --monitoring \ - --port={{:#metadata.http-port}} \ + --port={{:#metatarget.http-port}} \ --token=HELLO \ --roothttp={{#content.type=application/vnd.agl.service}}.{{/content.type=application/vnd.agl.service}}{{^content.type=application/vnd.agl.service}}{{#required-permission.urn:AGL:permission::public:no-htdocs}}.{{/required-permission.urn:AGL:permission::public:no-htdocs}}{{^required-permission.urn:AGL:permission::public:no-htdocs}}htdocs{{/required-permission.urn:AGL:permission::public:no-htdocs}}{{/content.type=application/vnd.agl.service}} \ {{#required-permission.urn:AGL:permission::public:applications:read}}--alias=/icons:{{:#metadata.icons-dir}}{{/required-permission.urn:AGL:permission::public:applications:read}} \ diff --git a/conf/unit/afm-unit.conf.in b/conf/unit/afm-unit.conf.in index 7c7d36a..353d83b 100644 --- a/conf/unit/afm-unit.conf.in +++ b/conf/unit/afm-unit.conf.in @@ -137,12 +137,13 @@ SmackProcessLabel=User::App::{{:id}} SuccessExitStatus=0 SIGKILL User=%i Slice=user-%i.slice -#CapabilityBoundingSet= +CapabilityBoundingSet= #AmbientCapabilities= {{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}} {{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}} -{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}} {{^required-permission.urn:AGL:permission::public:syscall:clock}}SystemCallFilter=~@clock{{/required-permission.urn:AGL:permission::public:syscall:clock}} +#{{#required-permission.urn:AGL:permission::public:display}}SupplementaryGroups=display{{/required-permission.urn:AGL:permission::public:display}} +SupplementaryGroups=display %nl WorkingDirectory=-/home/%i/app-data/{{:id}} ExecStartPre=/bin/mkdir -p /home/%i/app-data/{{:id}} @@ -166,7 +167,7 @@ StandardError=journal ;--------------------------------------------------------------------------------- {{#content.type=text/html|application/vnd.agl.native|application/vnd.agl.service}} {{^content.type=application/vnd.agl.service}} -X-AFM--http-port={{:#metadata.http-port}} +X-AFM--http-port={{:#metatarget.http-port}} {{/content.type=application/vnd.agl.service}} Type=notify ExecStart=/usr/bin/afb-daemon \ @@ -176,7 +177,7 @@ ExecStart=/usr/bin/afb-daemon \ {{#content.type=application/vnd.agl.service}} \ --no-httpd \ {{/content.type=application/vnd.agl.service}}{{^content.type=application/vnd.agl.service}} \ - --port={{:#metadata.http-port}} \ + --port={{:#metatarget.http-port}} \ --random-token \ --roothttp={{#required-permission.urn:AGL:permission::public:no-htdocs}}.{{/required-permission.urn:AGL:permission::public:no-htdocs}}{{^required-permission.urn:AGL:permission::public:no-htdocs}}htdocs{{/required-permission.urn:AGL:permission::public:no-htdocs}} \ {{/content.type=application/vnd.agl.service}} \ diff --git a/conf/unit/generate-unit-conf/binder.inc b/conf/unit/generate-unit-conf/binder.inc index 1a5e71f..30c25d5 100644 --- a/conf/unit/generate-unit-conf/binder.inc +++ b/conf/unit/generate-unit-conf/binder.inc @@ -1,10 +1,10 @@ dnl vim: set filetype=sysctl.conf.m4 syntax=sysctl.conf.m4: IF_AGL_DEVEL -X-AFM-http-port={{:#metadata.http-port}} +X-AFM-http-port={{:#metatarget.http-port}} ELSE IF_NOT_CONTENT(application/vnd.agl.service) -X-AFM--http-port={{:#metadata.http-port}} +X-AFM--http-port={{:#metatarget.http-port}} ENDIF ENDIF @@ -17,14 +17,14 @@ IF_AGL_DEVEL \ --verbose \ --verbose \ --monitoring \ - --port={{:#metadata.http-port}} \ + --port={{:#metatarget.http-port}} \ --token=HELLO \ --roothttp=ON_CONTENT(application/vnd.agl.service, ., ON_PERM(:public:no-htdocs, ., htdocs)) \ ELSE \ IF_CONTENT(application/vnd.agl.service) \ --no-httpd \ ELSE \ - --port={{:#metadata.http-port}} \ + --port={{:#metatarget.http-port}} \ --random-token \ --roothttp=ON_PERM(:public:no-htdocs, ., htdocs) \ ENDIF \ diff --git a/conf/unit/generate-unit-conf/service.inc b/conf/unit/generate-unit-conf/service.inc index 961a262..59df916 100644 --- a/conf/unit/generate-unit-conf/service.inc +++ b/conf/unit/generate-unit-conf/service.inc @@ -70,13 +70,14 @@ SuccessExitStatus=0 SIGKILL User=%i Slice=user-%i.slice -#CapabilityBoundingSet= +CapabilityBoundingSet= #AmbientCapabilities= ON_PERM(:platform:no-oom, OOMScoreAdjust=-500) ON_PERM(:partner:real-time, IOSchedulingClass=realtime) -ON_PERM(:public:display, SupplementaryGroups=display) ON_PERM(:public:syscall:clock, , SystemCallFilter=~@clock) +#ON_PERM(:public:display, SupplementaryGroups=display) +SupplementaryGroups=display %nl WorkingDirectory=-APP_DATA_DIR/{{:id}} |