Code Review / src / app-framework-main.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
afm-unit: Restore removal of capabilities
[src/app-framework-main.git] / conf / unit / generate-unit-conf / service.inc
diff --git a/conf/unit/generate-unit-conf/service.inc b/conf/unit/generate-unit-conf/service.inc
index 5b146ee..59df916 100644 (file)
--- a/conf/unit/generate-unit-conf/service.inc
+++ b/conf/unit/generate-unit-conf/service.inc
@@ -70,18 +70,22 @@ SuccessExitStatus=0 SIGKILL
 User=%i
 Slice=user-%i.slice
 
-#CapabilityBoundingSet=
+CapabilityBoundingSet=
 #AmbientCapabilities=
 
 ON_PERM(:platform:no-oom,   OOMScoreAdjust=-500)
 ON_PERM(:partner:real-time, IOSchedulingClass=realtime)
-ON_PERM(:public:display,    SupplementaryGroups=display)
 ON_PERM(:public:syscall:clock, , SystemCallFilter=~@clock)
+#ON_PERM(:public:display,    SupplementaryGroups=display)
+SupplementaryGroups=display
 %nl
 
 WorkingDirectory=-APP_DATA_DIR/{{:id}}
 ExecStartPre=/bin/mkdir -p APP_DATA_DIR/{{:id}}
+Environment=AFM_ID=TARGET
 Environment=AFM_APP_INSTALL_DIR={{:#metadata.install-dir}}
+Environment=AFM_WORKDIR=APP_DATA_DIR/{{:id}}
+Environment=AFM_WSAPI_DIR=API_PATH_WS
 Environment=PATH=/usr/sbin:/usr/bin:/sbin:/bin:{{:#metadata.install-dir}}/bin
 Environment=LD_LIBRARY_PATH={{:#metadata.install-dir}}/lib
 Environment=XDG_DATA_HOME=APP_DATA_DIR/{{:id}}
@@ -92,7 +96,6 @@ Environment=DBUS_SESSION_BUS_ADDRESS=unix:path=USER_RUN_DIR/bus
 
 IF_AGL_DEVEL
 ; Needed to enable debug
-Environment=AFM_ID=TARGET
 EnvironmentFile=-DEBUGGING_DIR/TARGET.env
 ENDIF
 
Application Framework main service, maintained by iot.bzh team