{{^urn:AGL:permission::partner:real-time}} RestrictRealtime=on {{/urn:AGL:permission::partner:real-time}}
{{#urn:AGL:permission::public:display}} SupplementaryGroups=display {{/urn:AGL:permission::public:display}}
{{^urn:AGL:permission::public:syscall:clock}} SystemCallFilter=~@clock {{/urn:AGL:permission::public:syscall:clock}}
- {{^urn:AGL:permission::public:internet}} RestrictAddressFamilies=AF_UNIX {{/urn:AGL:permission::public:internet}}
{{/required-permission}}
%nl
ExecStart=/usr/bin/afb-daemon --port={{:#metadata.http-port}} --random-token \
--rootdir={{:#metadata.install-dir}} \
--workdir={{&#metadata.app-data-dir}}/{{id}} \
- --roothttp=htdocs \
+ {{#required-permission.urn:AGL:permission::public:no-htdocs}}\
+ --roothttp=. \
+ {{/required-permission.urn:AGL:permission::public:no-htdocs}}\
+ {{^required-permission.urn:AGL:permission::public:no-htdocs}}\
+ --roothttp=htdocs \
+ {{/required-permission.urn:AGL:permission::public:no-htdocs}}\
{{#required-permission.urn:AGL:permission::public:applications:read}}\
--alias=/icons:{{:#metadata.icons-dir}} \
{{/required-permission.urn:AGL:permission::public:applications:read}}\
--rootdir={{:#metadata.install-dir}} \
--workdir={{&#metadata.install-dir}}/{{id}} \
{{^required-permission.urn:AGL:permission::partner:service:no-ws}}\
- --ws-server=unix:%t/bindings/{{:#target}} \
+ --ws-server=sd:{{:#target}} \
{{/required-permission.urn:AGL:permission::partner:service:no-ws}}\
{{^required-permission.urn:AGL:permission::partner:service:no-dbus}}\
--dbus-server={{:#target}} \
{{/required-permission.urn:AGL:permission::partner:service:no-dbus}}\
- --no-httpd
+ --no-httpd
{{^required-permission.urn:AGL:permission::partner:service:no-ws}}
[socket]
SmackLabel=*
ListenStream=%t/bindings/{{:#target}}
+FileDescriptorName={{:#target}}
{{/required-permission.urn:AGL:permission::partner:service:no-ws}}
Code Review / src / app-framework-main.git / commitdiff