X-AFM--type={{content.type}}
X-AFM--wgtdir={{:#metadata.install-dir}}
X-AFM--workdir=APP_DATA_DIR/{{:id}}
+X-AFM--visibility=ON_PERM(`:public:hidden', `hidden', `visible')
%nl
Requires=afm-user-session@%i.target
[Service]
EnvironmentFile=-AFM_CONFIG_DIR/unit.env.d/*
+EnvironmentFile=-AFM_CONFIG_DIR/widget.env.d/{{:id}}/*
SmackProcessLabel=User::App::{{:id}}
SuccessExitStatus=0 SIGKILL
User=%i
Slice=user-%i.slice
-CapabilityBoundingSet=
+#CapabilityBoundingSet=
#AmbientCapabilities=
ON_PERM(:platform:no-oom, OOMScoreAdjust=-500)
ON_PERM(:partner:real-time, IOSchedulingClass=realtime)
+ON_PERM(:public:display, SupplementaryGroups=display)
ON_PERM(:public:syscall:clock, , SystemCallFilter=~@clock)
-#ON_PERM(:public:display, SupplementaryGroups=display)
-SupplementaryGroups=display
%nl
WorkingDirectory=-APP_DATA_DIR/{{:id}}