From 5d7e7dc483a98a31323079953f548648a2c53cda Mon Sep 17 00:00:00 2001
From: José Bollo <jose.bollo@iot.bzh>
Date: Tue, 2 May 2017 18:13:23 +0200
Subject: Start user units at the system level
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When service name end with @ it means that the user
UID must be provided.

Change-Id: I6707df0151b7cab985cfc53a81fccf6a7150c9a3
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
---
 conf/afm-unit-debug.conf.in | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

(limited to 'conf/afm-unit-debug.conf.in')

diff --git a/conf/afm-unit-debug.conf.in b/conf/afm-unit-debug.conf.in
index 75f7811..57f934e 100644
--- a/conf/afm-unit-debug.conf.in
+++ b/conf/afm-unit-debug.conf.in
@@ -117,8 +117,8 @@ ConditionSecurity=smack
 # Automatic bound to required api
 {{#required-api}}
 {{#value=auto|ws}}
-BindsTo=afm-api-ws-{{name}}.socket
-After=afm-api-ws-{{name}}.socket
+BindsTo=afm-api-ws-{{name}}@%i.socket
+After=afm-api-ws-{{name}}@%i.socket
 {{/value=auto|ws}}
 {{/required-api}}
 %nl
@@ -128,6 +128,9 @@ EnvironmentFile=-@afm_confdir@/unit.env.d/*
 SmackProcessLabel=User::App::{{:id}}
 SuccessExitStatus=0 SIGKILL
 
+PAMName=su
+User=%i
+
 {{#required-permission}}
   {{#urn:AGL:permission::platform:no-oom}}      OOMScoreAdjust=-500             {{/urn:AGL:permission::platform:no-oom}}
   {{#urn:AGL:permission::partner:real-time}}    IOSchedulingClass=realtime      {{/urn:AGL:permission::partner:real-time}}
@@ -146,12 +149,12 @@ Environment=PATH=/usr/sbin:/usr/bin:/sbin:/bin:{{:#metadata.install-dir}}
 Environment=AFM_ID={{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}}
 EnvironmentFile=-/var/run/afm-debug/{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}}.env
 
-%systemd-unit user
+%systemd-unit system
 {{#required-permission.urn:AGL:permission::public:hidden}}\
-%systemd-unit service afm-service-{{:id}}--{{:ver}}--{{:#target}}
+%systemd-unit service afm-service-{{:id}}--{{:ver}}--{{:#target}}@
 {{/required-permission.urn:AGL:permission::public:hidden}}\
 {{^required-permission.urn:AGL:permission::public:hidden}}\
-%systemd-unit service afm-appli-{{:id}}--{{:ver}}--{{:#target}}
+%systemd-unit service afm-appli-{{:id}}--{{:ver}}--{{:#target}}@
 {{/required-permission.urn:AGL:permission::public:hidden}}\
 
 Environment=LD_LIBRARY_PATH=$ORIGIN/lib
@@ -269,8 +272,8 @@ WantedBy=default.target
 
 # auto generated by wgtpkg-unit for {{:id}} version {{:version}} target {{:#target}} of {{:idaver}}
 #
-%systemd-unit user
-%systemd-unit socket afm-api-ws-{{name}}
+%systemd-unit system
+%systemd-unit socket afm-api-ws-{{name}}@
 
 [Socket]
 SmackLabel=*
@@ -278,10 +281,10 @@ ListenStream=%t/apis/ws/{{name}}
 FileDescriptorName={{name}}
 
 {{#required-permission.urn:AGL:permission::public:hidden}}\
-Service=afm-service-{{:id}}--{{:ver}}--{{:#target}}.service
+Service=afm-service-{{:id}}--{{:ver}}--{{:#target}}@%i.service
 {{/required-permission.urn:AGL:permission::public:hidden}}\
 {{^required-permission.urn:AGL:permission::public:hidden}}\
-Service=afm-appli-{{:id}}--{{:ver}}--{{:#target}}.service
+Service=afm-appli-{{:id}}--{{:ver}}--{{:#target}}@%i.service
 {{/required-permission.urn:AGL:permission::public:hidden}}\
 
 ;---------------------------------------------------------------------------------
-- 
cgit 1.2.3-korg