Code Review / src / app-framework-main.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
afm-unit: Restore removal of capabilities
[src/app-framework-main.git] / conf / unit / generate-unit-conf / service.inc
diff --git a/conf/unit/generate-unit-conf/service.inc b/conf/unit/generate-unit-conf/service.inc
index 59df916..839533d 100644 (file)
--- a/conf/unit/generate-unit-conf/service.inc
+++ b/conf/unit/generate-unit-conf/service.inc
@@ -30,6 +30,7 @@ X-AFM--content={{content.src}}
 X-AFM--type={{content.type}}
 X-AFM--wgtdir={{:#metadata.install-dir}}
 X-AFM--workdir=APP_DATA_DIR/{{:id}}
+X-AFM--visibility=ON_PERM(`:public:hidden', `hidden', `visible')
 %nl
 
 Requires=afm-user-session@%i.target
@@ -64,6 +65,7 @@ After=UNIT_NAME_API_SOCKET({{name}},%i)
 
 [Service]
 EnvironmentFile=-AFM_CONFIG_DIR/unit.env.d/*
+EnvironmentFile=-AFM_CONFIG_DIR/widget.env.d/{{:id}}/*
 SmackProcessLabel=User::App::{{:id}}
 SuccessExitStatus=0 SIGKILL
 
@@ -75,9 +77,8 @@ CapabilityBoundingSet=
 
 ON_PERM(:platform:no-oom,   OOMScoreAdjust=-500)
 ON_PERM(:partner:real-time, IOSchedulingClass=realtime)
+ON_PERM(:public:display,    SupplementaryGroups=display)
 ON_PERM(:public:syscall:clock, , SystemCallFilter=~@clock)
-#ON_PERM(:public:display,    SupplementaryGroups=display)
-SupplementaryGroups=display
 %nl
 
 WorkingDirectory=-APP_DATA_DIR/{{:id}}
Application Framework main service, maintained by iot.bzh team