--- /dev/null
+Configuration of af-main using systemd
+======================================
+
+Mechanism to start user sessions
+--------------------------------
+
+The mechanism to start a session for the user of **UID** is
+to start the service **afm-user-session@UID.service**.
+
+This has the effect of starting a session.
+
+To achieve that goal the first is to start the user session.
+This is done using the 2 systemd directives [1]:
+
+ User=%i
+ PAMName=afm-user-session
+
+The first tells what is the user. %i is replaced by the parameter
+of the service: UID. So the user is referenced here by its number.
+
+For this user, the PAM script **afm-user-session** is evaluated.
+It is implmented by the file */etc/pam.d/afm-user-session*.
+That script MUST refer to *pam_systemd.so* for opening the session
+with systemd. It often takes the form of a line of the form:
+
+ session optional pam_systemd.so
+
+that is directly or indirectly (through includes) activated by
+**afm-user-session**. [2] [3]
+
+The effect of starting a systemd user session is to start the
+user services and the most important one: dbus.
+
+When the user session is started, the service
+**afm-user-session@UID.service** enters its second phase:
+activation of the user session for the framework.
+
+This is achieved by activating the target **afm-user-session@.target**.
+But activating a *system* unit from a *user* session is a
+thing that has to be safe. This is done by the program
+**afm-user-session**. This program runs as rot (with the set-uid)
+and simply execute *systemctl --wait start afm-user-session@UID.target*.
+Where *UID* is the user id of the calling process.
+
+[1] https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+[2] https://www.freedesktop.org/software/systemd/man/pam_systemd.html
+[3] https://linux.die.net/man/5/pam.conf
FILES
${CMAKE_CURRENT_BINARY_DIR}/afm-system-daemon.service
${CMAKE_CURRENT_BINARY_DIR}/afm-system-daemon.socket
- ${CMAKE_CURRENT_SOURCE_DIR}/afm-system-daemon.conf
+ ${CMAKE_CURRENT_SOURCE_DIR}/afm-system-setup.service
${CMAKE_CURRENT_SOURCE_DIR}/afm-user-session@.service
${CMAKE_CURRENT_SOURCE_DIR}/afm-user-session@.target
+ ${CMAKE_CURRENT_SOURCE_DIR}/afm-user-setup@.service
DESTINATION
${UNITDIR_SYSTEM}
)
[Unit]
Description=Application Framework Master, system side
+Require=afm-system-setup.service
[Service]
#User=afm
[Unit]
Description=Initiate afm-system-setup
-Before=weston.service
+Before=weston.service afs-supervisor.service afm-system-daemon.service
[Service]
-Type=one-shot
-ExecStart=-/bin/sh -c "/bin/mkdir -m 755 -Z '*' /run/platform"
-ExecStart=-/bin/sh -c "/bin/mkdir -m 755 -Z '*' /run/platform/display"
-ExecStart=-/bin/sh -c "/bin/mkdir -m 755 -Z '*' /run/platform/apis"
-ExecStart=-/bin/sh -c "/bin/mkdir -m 755 -Z '*' /run/platform/apis/ws"
+Type=oneshot
+ExecStart=-/bin/sh -c "/bin/mkdir -m 755 /run/platform; /usr/bin/chsmack -a '*' /run/platform"
+ExecStart=-/bin/sh -c "/bin/mkdir -m 755 /run/platform/display; /usr/bin/chsmack -a '*' /run/platform/display"
+ExecStart=-/bin/sh -c "/bin/mkdir -m 755 /run/platform/apis; /usr/bin/chsmack -a '*' /run/platform/apis"
+ExecStart=-/bin/sh -c "/bin/mkdir -m 755 /run/platform/apis/ws; /usr/bin/chsmack -a '*' /run/platform/apis/ws"
[Service]
User=%i
PAMName=afm-user-session
-ExecStart=/bin/systemctl --wait start afm-user-session@%i.target
+ExecStart=/usr/bin/afm-user-session
Description=Initiate afm-user-setup %i
After=user@%i.service
[Service]
-Type=one-shot
-ExecStart=-/bin/sh -c "/bin/mkdir -Z '*' /run/user/%i && /bin/chown %i:%i /run/user/%i"
-ExecStart=-/bin/sh -c "/bin/mkdir -Z '*' /run/user/%i/apis && /bin/chown %i:%i /run/user/%i/apis"
-ExecStart=-/bin/sh -c "/bin/mkdir -Z '*' /run/user/%i/apis/ws && /bin/chown %i:%i /run/user/%i/apis/ws"
+Type=oneshot
+ExecStart=-/bin/sh -c "/bin/mkdir /run/user/%i; /bin/chown %i:%i /run/user/%i; /usr/bin/chsmack -a '*' /run/user/%i"
+ExecStart=-/bin/sh -c "/bin/mkdir /run/user/%i/apis; /bin/chown %i:%i /run/user/%i/apis; /usr/bin/chsmack -a '*' /run/user/%i/apis"
+ExecStart=-/bin/sh -c "/bin/mkdir /run/user/%i/apis/ws; /bin/chown %i:%i /run/user/%i/apis/ws; /usr/bin/chsmack -a '*' /run/user/%i/apis/ws"
+ExecStart=-/bin/sh -c "/bin/ln -sf /run/platform/display/wayland-0 /run/user/%i/wayland-0; /bin/chown %i:%i /run/user/%i/wayland-0; /usr/bin/chsmack -a '*' /run/user/%i/wayland-0"
+
+
%systemd-unit socket afm-api-ws-{{name}}@
[Unit]
Description=Provides api {{name}} for user %i
-After=user@%i.service
+Requires=afm-user-setup@%i.service
+After=afm-user-setup@%i.service
DefaultDependencies=no
[Socket]
SmackLabel=*
%systemd-unit socket afm-api-ws-{{name}}@
[Unit]
Description=Provides api {{name}} for user %i
-After=user@%i.service
+Requires=afm-user-setup@%i.service
+After=afm-user-setup@%i.service
DefaultDependencies=no
[Socket]
SmackLabel=*
%systemd-unit socket afm-api-ws-{{name}}@
[Unit]
Description=Provides api {{name}} for user %i
-After=user@%i.service
+Requires=afm-user-setup@%i.service
+After=afm-user-setup@%i.service
DefaultDependencies=no
[Socket]
Code Review / src / app-framework-main.git / commitdiff