From 11654afcb5753a54a033db12e1ed4a19b3f7c86e Mon Sep 17 00:00:00 2001
From: Jose Bollo
Date: Mon, 10 Sep 2018 12:00:18 +0200
Subject: Initial commit
Signed-off-by: Jose Bollo
---
systemd/CMakeLists.txt | 42 ++++++++++++++++++++++++
systemd/cynara-admin.socket.in | 15 +++++++++
systemd/cynara-check.socket.in | 15 +++++++++
systemd/cynara.service | 29 ++++++++++++++++
systemd/cynara.target | 4 +++
systemd/sockets.target.wants/cynara-admin.socket | 1 +
systemd/sockets.target.wants/cynara-check.socket | 1 +
7 files changed, 107 insertions(+)
create mode 100644 systemd/CMakeLists.txt
create mode 100644 systemd/cynara-admin.socket.in
create mode 100644 systemd/cynara-check.socket.in
create mode 100644 systemd/cynara.service
create mode 100644 systemd/cynara.target
create mode 120000 systemd/sockets.target.wants/cynara-admin.socket
create mode 120000 systemd/sockets.target.wants/cynara-check.socket
(limited to 'systemd')
diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt
new file mode 100644
index 0000000..f8116a2
--- /dev/null
+++ b/systemd/CMakeLists.txt
@@ -0,0 +1,42 @@
+# Copyright (c) 2014-2016 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Lukasz Wojciechowski
+#
+
+SET(CYNARA_ADMIN_SOCKET_GROUP
+ "security_fw"
+ CACHE STRING
+ "Group to apply on administrative sockets")
+
+CONFIGURE_FILE(cynara-admin.socket.in cynara-admin.socket @ONLY)
+CONFIGURE_FILE(cynara-check.socket.in cynara-check.socket @ONLY)
+
+INSTALL(FILES
+ ${CMAKE_CURRENT_SOURCE_DIR}/cynara.service
+ ${CMAKE_CURRENT_SOURCE_DIR}/cynara.target
+ ${CMAKE_CURRENT_BINARY_DIR}/cynara-admin.socket
+ ${CMAKE_CURRENT_BINARY_DIR}/cynara-check.socket
+ DESTINATION
+ ${SYSTEMD_UNIT_DIR}
+)
+
+INSTALL(DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/sockets.target.wants
+ DESTINATION
+ ${SYSTEMD_UNIT_DIR}
+)
+
+
diff --git a/systemd/cynara-admin.socket.in b/systemd/cynara-admin.socket.in
new file mode 100644
index 0000000..ebc59c6
--- /dev/null
+++ b/systemd/cynara-admin.socket.in
@@ -0,0 +1,15 @@
+[Socket]
+FileDescriptorName=admin
+ListenStream=@SOCKET_DIR@/cynara.admin
+SocketMode=0600
+SmackLabelIPIn=@
+SmackLabelIPOut=@
+
+Service=cynara.service
+
+[Unit]
+Wants=cynara.target
+Before=cynara.target
+
+[Install]
+WantedBy=sockets.target
diff --git a/systemd/cynara-check.socket.in b/systemd/cynara-check.socket.in
new file mode 100644
index 0000000..1139d2f
--- /dev/null
+++ b/systemd/cynara-check.socket.in
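Review bot: In systemd/CMakeLists.txt the cache variable `CYNARA_ADMIN_SOCKET_GROUP` is described as the "Group to apply on administrative sockets", but neither template in this commit contains `@CYNARA_ADMIN_SOCKET_GROUP@`. cynara-admin.socket.in substitutes only `@SOCKET_DIR@` and sets no `SocketGroup=`, so the option has no effect on the installed unit. Either wire it in (`SocketGroup=@CYNARA_ADMIN_SOCKET_GROUP@` with a matching `SocketMode=`) or drop the variable, so packagers are not misled about who can reach the admin socket. `SOCKET_DIR` and `SYSTEMD_UNIT_DIR` are also used without being defined in this file (presumably set by a parent CMakeLists.txt), and `@ONLY` substitution turns an undefined name into an empty string. A guard such as `if(NOT SOCKET_DIR OR NOT SYSTEMD_UNIT_DIR)` followed by `message(FATAL_ERROR "SOCKET_DIR and SYSTEMD_UNIT_DIR must be set")` would keep `ListenStream=` from silently resolving to `/cynara.admin` and `/cynara.check`.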
@@ -0,0 +1,15 @@
+[Socket]
+FileDescriptorName=check
+ListenStream=@SOCKET_DIR@/cynara.check
+SocketMode=0666
+SmackLabelIPIn=*
+SmackLabelIPOut=@
+
+Service=cynara.service
+
+[Unit]
+Wants=cynara.target
+Before=cynara.target
+
+[Install]
+WantedBy=sockets.target
diff --git a/systemd/cynara.service b/systemd/cynara.service
new file mode 100644
index 0000000..e124b91
--- /dev/null
+++ b/systemd/cynara.service
@@ -0,0 +1,29 @@
+[Unit]
+Description=Cynara service
+Requires=afm-system-setup.service
+After=afm-system-setup.service
+
+[Service]
+ExecStartPre=+-/usr/bin/sh -c 'if test ! -d /var/lib/cynara; then mkdir -p /var/lib/cynara; chown cynara:cynara /var/lib/cynara; chsmack -a System /var/lib/cynara; fi'
+ExecStart=/usr/bin/cynarad
+
+Type=notify
+
+KillMode=process
+TimeoutStopSec=3
+Restart=always
+
+Sockets=cynara-admin.socket
+Sockets=cynara-check.socket
+
+UMask=0000
+User=cynara
+Group=cynara
+SmackProcessLabel=System
+#NoNewPrivileges=true
+
+#Environment="CYNARA_LOG_LEVEL=LOG_DEBUG"
+#Environment="CYNARA_AUDIT_LEVEL=ALL"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/systemd/cynara.target b/systemd/cynara.target
new file mode 100644
index 0000000..9b2dee4
--- /dev/null
+++ b/systemd/cynara.target
@@ -0,0 +1,4 @@
+[Unit]
+Description=cynara sockets
+DefaultDependencies=true
+
diff --git a/systemd/sockets.target.wants/cynara-admin.socket b/systemd/sockets.target.wants/cynara-admin.socket
new file mode 120000
index 0000000..3d0b1ce
--- /dev/null
+++ b/systemd/sockets.target.wants/cynara-admin.socket
@@ -0,0 +1 @@
+../cynara-admin.socket
\ No newline at end of file
diff --git a/systemd/sockets.target.wants/cynara-check.socket b/systemd/sockets.target.wants/cynara-check.socket
new file mode 120000
index 0000000..921ca66
--- /dev/null
+++ b/systemd/sockets.target.wants/cynara-check.socket
@@ -0,0 +1 @@
+../cynara-check.socket
\ No newline at end of file
-- cgit 1.2.3-korg
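Review bot: `SocketMode=0666` together with `SmackLabelIPIn=*` in systemd/cynara-check.socket.in leaves the check socket connectable by every local process, and nothing in the unit says this is intended. If it is, a comment above `SocketMode=` such as `# Open to all local clients by design; access control is left to Smack labels and to cynarad` would record that for anyone deploying the unit. It is also worth stating that where Smack is not enforcing, the file mode is presumably the only gate on this socket, whereas the admin socket stays at `0600`.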
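Review bot: `UMask=0000` in the [Service] section of systemd/cynara.service means any file cynarad creates without an explicit restrictive mode keeps every permission bit it asks for. For a daemon that stores policy under /var/lib/cynara, `UMask=0077` (or `0027` if a group reader is needed) is the safer default unless a consumer outside the `cynara` user is known to need access. The `ExecStartPre=+-` prefix runs the setup shell with full privileges and ignores its exit status, so a failed `mkdir`, `chown` or `chsmack` still lets the daemon start against a missing or mislabelled directory; dropping the `-` would surface that. `#NoNewPrivileges=true` is left commented out with no reason given, so either enable it or add a one-line comment explaining what breaks when it is on.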