Code Review / src / app-framework-main.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
afm-unit: Restore removal of capabilities
[src/app-framework-main.git] / conf / unit / generate-unit-conf / service.inc
diff --git a/conf/unit/generate-unit-conf/service.inc b/conf/unit/generate-unit-conf/service.inc
index 0d784da..59df916 100644 (file)
--- a/conf/unit/generate-unit-conf/service.inc
+++ b/conf/unit/generate-unit-conf/service.inc
@@ -34,22 +34,29 @@ X-AFM--workdir=APP_DATA_DIR/{{:id}}
 
 Requires=afm-user-session@%i.target
 After=user@%i.service
+After=Network.target
 
 # Adds check to smack
 ConditionSecurity=smack
 %nl
 
 # Automatic bound to required api
+{{#required-binding}}
+{{#value=extern}}
+BindsTo=UNIT_NAME_BINDING_SERVICE({{name}},%i)
+After=UNIT_NAME_BINDING_SERVICE({{name}},%i)
+{{/value=extern}}
+{{/required-binding}}
 {{#required-api}}
 {{#value=auto|ws}}
-BindsTo=UNIT_NAME_SOCKET_FOR({{name}})
-After=UNIT_NAME_SOCKET_FOR({{name}})
+BindsTo=UNIT_NAME_API_SERVICE({{name}},%i)
+After=UNIT_NAME_API_SERVICE({{name}},%i)
 {{/value=auto|ws}}
 {{/required-api}}
 {{#provided-api}}
 {{#value=ws|auto}}
-Requires=UNIT_NAME_SOCKET_FOR({{name}})
-After=UNIT_NAME_SOCKET_FOR({{name}})
+Requires=UNIT_NAME_API_SOCKET({{name}},%i)
+After=UNIT_NAME_API_SOCKET({{name}},%i)
 {{/value=ws|auto}}
 {{/provided-api}}
 
@@ -63,30 +70,33 @@ SuccessExitStatus=0 SIGKILL
 User=%i
 Slice=user-%i.slice
 
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
 #AmbientCapabilities=
 
 ON_PERM(:platform:no-oom,   OOMScoreAdjust=-500)
 ON_PERM(:partner:real-time, IOSchedulingClass=realtime)
-ON_PERM(:public:display,    SupplementaryGroups=display)
 ON_PERM(:public:syscall:clock, , SystemCallFilter=~@clock)
+#ON_PERM(:public:display,    SupplementaryGroups=display)
+SupplementaryGroups=display
 %nl
 
 WorkingDirectory=-APP_DATA_DIR/{{:id}}
 ExecStartPre=/bin/mkdir -p APP_DATA_DIR/{{:id}}
+Environment=AFM_ID=TARGET
 Environment=AFM_APP_INSTALL_DIR={{:#metadata.install-dir}}
+Environment=AFM_WORKDIR=APP_DATA_DIR/{{:id}}
+Environment=AFM_WSAPI_DIR=API_PATH_WS
 Environment=PATH=/usr/sbin:/usr/bin:/sbin:/bin:{{:#metadata.install-dir}}/bin
 Environment=LD_LIBRARY_PATH={{:#metadata.install-dir}}/lib
 Environment=XDG_DATA_HOME=APP_DATA_DIR/{{:id}}
 Environment=XDG_CONFIG_HOME=APP_DATA_DIR/{{:id}}
 Environment=XDG_CACHE_HOME=APP_DATA_DIR/{{:id}}
-Environment=XDG_RUNTIME_DIR=/run/user/%i
-Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/%i/bus
+Environment=XDG_RUNTIME_DIR=USER_RUN_DIR
+Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=USER_RUN_DIR/bus
 
 IF_AGL_DEVEL
 ; Needed to enable debug
-Environment=AFM_ID=TARGET
-EnvironmentFile=-/var/run/afm-debug/TARGET.env
+EnvironmentFile=-DEBUGGING_DIR/TARGET.env
 ENDIF
 
 SyslogIdentifier=afbd-TARGET
Application Framework main service, maintained by iot.bzh team