From b4ca569c08a233114fb77106a8b4aa34d47ab54c Mon Sep 17 00:00:00 2001
From: José Bollo <jose.bollo@iot.bzh>
Date: Mon, 10 Dec 2018 08:07:39 +0100
Subject: afm-unit: Restore removal of capabilities
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This removes capabilities to any application installed
and launched.

Also fixes a tiny bug in setup of user environment.

Bug-AGL: SPEC-2006

Change-Id: I2c0d85cc2c2d389247ad9ce728f4d9e8e3d74616
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
---
 conf/unit/afm-unit-debug.conf.in         | 2 +-
 conf/unit/afm-unit.conf.in               | 2 +-
 conf/unit/generate-unit-conf/service.inc | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'conf/unit')

diff --git a/conf/unit/afm-unit-debug.conf.in b/conf/unit/afm-unit-debug.conf.in
index 9821e9f..f09956d 100644
--- a/conf/unit/afm-unit-debug.conf.in
+++ b/conf/unit/afm-unit-debug.conf.in
@@ -139,7 +139,7 @@ SmackProcessLabel=User::App::{{:id}}
 SuccessExitStatus=0 SIGKILL
 User=%i
 Slice=user-%i.slice
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
 #AmbientCapabilities=
 {{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}}
 {{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}}
diff --git a/conf/unit/afm-unit.conf.in b/conf/unit/afm-unit.conf.in
index 9e95e11..1c14eb1 100644
--- a/conf/unit/afm-unit.conf.in
+++ b/conf/unit/afm-unit.conf.in
@@ -139,7 +139,7 @@ SmackProcessLabel=User::App::{{:id}}
 SuccessExitStatus=0 SIGKILL
 User=%i
 Slice=user-%i.slice
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
 #AmbientCapabilities=
 {{#required-permission.urn:AGL:permission::platform:no-oom}}OOMScoreAdjust=-500{{/required-permission.urn:AGL:permission::platform:no-oom}}
 {{#required-permission.urn:AGL:permission::partner:real-time}}IOSchedulingClass=realtime{{/required-permission.urn:AGL:permission::partner:real-time}}
diff --git a/conf/unit/generate-unit-conf/service.inc b/conf/unit/generate-unit-conf/service.inc
index fdafc5c..839533d 100644
--- a/conf/unit/generate-unit-conf/service.inc
+++ b/conf/unit/generate-unit-conf/service.inc
@@ -72,7 +72,7 @@ SuccessExitStatus=0 SIGKILL
 User=%i
 Slice=user-%i.slice
 
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
 #AmbientCapabilities=
 
 ON_PERM(:platform:no-oom,   OOMScoreAdjust=-500)
-- 
cgit 1.2.3-korg