# Automatic bound to required api
{{#required-api}}
{{#value=auto|ws}}
-BindsTo=afm-api-ws-{{name}}.socket
-After=afm-api-ws-{{name}}.socket
+BindsTo=afm-api-ws-{{name}}@%i.socket
+After=afm-api-ws-{{name}}@%i.socket
{{/value=auto|ws}}
{{/required-api}}
%nl
SmackProcessLabel=User::App::{{:id}}
SuccessExitStatus=0 SIGKILL
+PAMName=su
+User=%i
+
{{#required-permission}}
{{#urn:AGL:permission::platform:no-oom}} OOMScoreAdjust=-500 {{/urn:AGL:permission::platform:no-oom}}
{{#urn:AGL:permission::partner:real-time}} IOSchedulingClass=realtime {{/urn:AGL:permission::partner:real-time}}
Environment=AFM_ID={{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}}
EnvironmentFile=-/var/run/afm-debug/{{idaver}}{{^#target=main}}@{{:#target}}{{/#target=main}}.env
-%systemd-unit user
+%systemd-unit system
{{#required-permission.urn:AGL:permission::public:hidden}}\
-%systemd-unit service afm-service-{{:id}}--{{:ver}}--{{:#target}}
+%systemd-unit service afm-service-{{:id}}--{{:ver}}--{{:#target}}@
{{/required-permission.urn:AGL:permission::public:hidden}}\
{{^required-permission.urn:AGL:permission::public:hidden}}\
-%systemd-unit service afm-appli-{{:id}}--{{:ver}}--{{:#target}}
+%systemd-unit service afm-appli-{{:id}}--{{:ver}}--{{:#target}}@
{{/required-permission.urn:AGL:permission::public:hidden}}\
Environment=LD_LIBRARY_PATH=$ORIGIN/lib
# auto generated by wgtpkg-unit for {{:id}} version {{:version}} target {{:#target}} of {{:idaver}}
#
-%systemd-unit user
-%systemd-unit socket afm-api-ws-{{name}}
+%systemd-unit system
+%systemd-unit socket afm-api-ws-{{name}}@
[Socket]
SmackLabel=*
FileDescriptorName={{name}}
{{#required-permission.urn:AGL:permission::public:hidden}}\
-Service=afm-service-{{:id}}--{{:ver}}--{{:#target}}.service
+Service=afm-service-{{:id}}--{{:ver}}--{{:#target}}@%i.service
{{/required-permission.urn:AGL:permission::public:hidden}}\
{{^required-permission.urn:AGL:permission::public:hidden}}\
-Service=afm-appli-{{:id}}--{{:ver}}--{{:#target}}.service
+Service=afm-appli-{{:id}}--{{:ver}}--{{:#target}}@%i.service
{{/required-permission.urn:AGL:permission::public:hidden}}\
;---------------------------------------------------------------------------------
# Automatic bound to required api
{{#required-api}}
{{#value=auto|ws}}
-BindsTo=afm-api-ws-{{name}}.socket
-After=afm-api-ws-{{name}}.socket
+BindsTo=afm-api-ws-{{name}}@%i.socket
+After=afm-api-ws-{{name}}@%i.socket
{{/value=auto|ws}}
{{/required-api}}
%nl
SmackProcessLabel=User::App::{{:id}}
SuccessExitStatus=0 SIGKILL
+PAMName=su
+User=%i
+
{{#required-permission}}
{{#urn:AGL:permission::platform:no-oom}} OOMScoreAdjust=-500 {{/urn:AGL:permission::platform:no-oom}}
{{#urn:AGL:permission::partner:real-time}} IOSchedulingClass=realtime {{/urn:AGL:permission::partner:real-time}}
Environment=AFM_APP_INSTALL_DIR={{:#metadata.install-dir}}
Environment=PATH=/usr/sbin:/usr/bin:/sbin:/bin:{{:#metadata.install-dir}}
-%systemd-unit user
+%systemd-unit system
{{#required-permission.urn:AGL:permission::public:hidden}}\
-%systemd-unit service afm-service-{{:id}}--{{:ver}}--{{:#target}}
+%systemd-unit service afm-service-{{:id}}--{{:ver}}--{{:#target}}@
{{/required-permission.urn:AGL:permission::public:hidden}}\
{{^required-permission.urn:AGL:permission::public:hidden}}\
-%systemd-unit service afm-appli-{{:id}}--{{:ver}}--{{:#target}}
+%systemd-unit service afm-appli-{{:id}}--{{:ver}}--{{:#target}}@
{{/required-permission.urn:AGL:permission::public:hidden}}\
Environment=LD_LIBRARY_PATH=$ORIGIN/lib
# auto generated by wgtpkg-unit for {{:id}} version {{:version}} target {{:#target}} of {{:idaver}}
#
-%systemd-unit user
-%systemd-unit socket afm-api-ws-{{name}}
+%systemd-unit system
+%systemd-unit socket afm-api-ws-{{name}}@
[Socket]
SmackLabel=*
FileDescriptorName={{name}}
{{#required-permission.urn:AGL:permission::public:hidden}}\
-Service=afm-service-{{:id}}--{{:ver}}--{{:#target}}.service
+Service=afm-service-{{:id}}--{{:ver}}--{{:#target}}@%i.service
{{/required-permission.urn:AGL:permission::public:hidden}}\
{{^required-permission.urn:AGL:permission::public:hidden}}\
-Service=afm-appli-{{:id}}--{{:ver}}--{{:#target}}.service
+Service=afm-appli-{{:id}}--{{:ver}}--{{:#target}}@%i.service
{{/required-permission.urn:AGL:permission::public:hidden}}\
;---------------------------------------------------------------------------------
*/
#include <stdlib.h>
+#include <stdio.h>
#include <assert.h>
#include <string.h>
#include <errno.h>
{
struct json_object *priv, *pub, *id;
const char *strid;
+ char *un = NULL;
+ size_t len;
/* create the application structure */
priv = json_object_new_object();
if (!pub)
goto error;
+ /* make the unit name */
+ len = strlen(unitname);
+ assert(len >= (sizeof service_extension - 1));
+ assert(!memcmp(&unitname[len - (sizeof service_extension - 1)], service_extension, sizeof service_extension));
+ if (unitname[len - sizeof service_extension] == '@') {
+ char buffer[40];
+ size_t l = (size_t)snprintf(buffer, sizeof buffer, "%d", (int)getuid());
+ un = malloc(len + l + 1);
+ if (!un)
+ goto error;
+ memcpy(&un[0], unitname, len - (sizeof service_extension - 1));
+ if (l)
+ memcpy(&un[len - (sizeof service_extension - 1)], buffer, l);
+ memcpy(&un[len - (sizeof service_extension - 1) + l], service_extension, sizeof service_extension);
+ }
+
/* adds the values */
if (add_fields_of_content(priv, pub, content, length)
|| add_field(priv, pub, key_unit_path, unitpath)
- || add_field(priv, pub, key_unit_name, unitname)
+ || add_field(priv, pub, key_unit_name, un ? : unitname)
|| add_field(priv, pub, key_unit_scope, isuser ? scope_user : scope_system))
goto error;
+ free(un);
+ un = NULL;
/* get the id */
if (!json_object_object_get_ex(pub, key_id, &id)) {
return 0;
error:
+ free(un);
json_object_put(pub);
json_object_put(priv);
return -1;
#include "afm-udb.h"
#include "afm-urun.h"
+static const char key_unit_d_path[] = "-unit-dpath-";
+
/**************** get appli basis *********************/
static int get_basis(struct json_object *appli, int *isuser, const char **dpath, int load)
*isuser = strcmp(uscope, "system") != 0;
/* get dpath */
- if (!j_read_string_at(appli, "-unit-dpath-", dpath)) {
+ if (!j_read_string_at(appli, key_unit_d_path, dpath)) {
if (!load) {
errno = ENOENT;
goto error;
ERROR("Can't load unit of name %s for %s: %m", uname, uscope);
goto error;
}
- if (!j_add_string(appli, "-unit-dpath-", dp)) {
+ if (!j_add_string(appli, key_unit_d_path, dp)) {
free(dp);
goto nomem;
}
free(dp);
- j_read_string_at(appli, "-unit-dpath-", dpath);
+ j_read_string_at(appli, key_unit_d_path, dpath);
}
return 0;
int afm_urun_terminate(int runid)
{
int rc = systemd_unit_stop_pid(1 /* TODO: isuser? */, (unsigned)runid);
+ if (rc < 0)
+ rc = systemd_unit_stop_pid(0 /* TODO: isuser? */, (unsigned)runid);
return rc < 0 ? rc : 0;
}
*/
struct json_object *afm_urun_state(struct afm_udb *db, int runid)
{
- int i, n, isuser, pid;
+ int i, n, isuser, pid, wasuser;
char *dpath;
const char *udpath;
const char *id;
result = NULL;
/* get the dpath */
- dpath = systemd_unit_dpath_by_pid(1 /* TODO: isuser? */, (unsigned)runid);
+ dpath = systemd_unit_dpath_by_pid(wasuser = 1, (unsigned)runid);
+ if (!dpath)
+ dpath = systemd_unit_dpath_by_pid(wasuser = 0, (unsigned)runid);
if (!dpath) {
errno = EINVAL;
WARNING("searched runid %d not found", runid);
srandom((unsigned int)time(NULL));
/* init database */
- afudb = afm_udb_create(0, 1, "afm-appli-");
+ afudb = afm_udb_create(1, 1, "afm-appli-");
if (!afudb) {
ERROR("afm_udb_create failed");
return 1;