From af2dd344524a8a796e802828279f2509b81c61cd Mon Sep 17 00:00:00 2001 From: Dylan McCall Date: Fri, 22 Jan 2021 14:54:42 -0800 Subject: [PATCH] Use DynamicUser instead of static users To allow this, we need a more lenient policy for owning the service's name on the system bus. --- data/dbus/org.learningequality.Kolibri.Daemon.conf.in | 6 +----- .../org.learningequality.Kolibri.Daemon.service.in | 2 +- data/meson.build | 2 -- ...dbus-org.learningequality.Kolibri.Daemon.service.in | 3 ++- data/sysusers.d/eos-kolibri.conf.in | 1 - data/sysusers.d/meson.build | 6 ------ data/tmpfiles.d/eos-kolibri.conf.in | 3 --- data/tmpfiles.d/meson.build | 6 ------ meson.build | 1 - meson_options.txt | 7 ------- src/eos-kolibri-daemon.in | 10 +++++++--- src/eos_kolibri_tools/config.py.in | 1 - 12 files changed, 11 insertions(+), 37 deletions(-) delete mode 100644 data/sysusers.d/eos-kolibri.conf.in delete mode 100644 data/sysusers.d/meson.build delete mode 100644 data/tmpfiles.d/eos-kolibri.conf.in delete mode 100644 data/tmpfiles.d/meson.build diff --git a/data/dbus/org.learningequality.Kolibri.Daemon.conf.in b/data/dbus/org.learningequality.Kolibri.Daemon.conf.in index e4e8742..d26edca 100644 --- a/data/dbus/org.learningequality.Kolibri.Daemon.conf.in +++ b/data/dbus/org.learningequality.Kolibri.Daemon.conf.in @@ -1,13 +1,9 @@ - - - - - + diff --git a/data/dbus/org.learningequality.Kolibri.Daemon.service.in b/data/dbus/org.learningequality.Kolibri.Daemon.service.in index 4bbf0ed..c0bc1c8 100644 --- a/data/dbus/org.learningequality.Kolibri.Daemon.service.in +++ b/data/dbus/org.learningequality.Kolibri.Daemon.service.in @@ -1,5 +1,5 @@ [D-BUS Service] Name=@KOLIBRI_DAEMON_SERVICE@ Exec=/bin/false -User=@KOLIBRI_USER@ +User=root SystemdService=dbus-@KOLIBRI_DAEMON_SERVICE@.service diff --git a/data/meson.build b/data/meson.build index 155d8a8..926c530 100644 --- a/data/meson.build +++ b/data/meson.build 
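Review bot: Loosening who may own the daemon's bus name, as the commit message describes for data/dbus/org.learningequality.Kolibri.Daemon.conf.in, opens that name to squatting by other local accounts. The policy lines themselves did not survive on this page (only the markers for five removed lines and one added line remain), so the exact rule is inferred. If the added line is an `<allow own="@KOLIBRI_DAEMON_SERVICE@"/>` in the default policy context, any local process could hold the well-known name while the service is not running, and clients that find the daemon by name would talk to it instead. Keep the own rule as narrow as the bus configuration allows and add an XML comment stating who may own the name and why; clients that trust replies from this name should also check the owner's credentials.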
@@ -1,6 +1,4 @@
 subdir('dbus')
 subdir('environment.d')
 subdir('systemd')
-subdir('sysusers.d')
-subdir('tmpfiles.d')
diff --git a/data/systemd/dbus-org.learningequality.Kolibri.Daemon.service.in b/data/systemd/dbus-org.learningequality.Kolibri.Daemon.service.in
index be3fe1c..41c7993 100644
--- a/data/systemd/dbus-org.learningequality.Kolibri.Daemon.service.in
+++ b/data/systemd/dbus-org.learningequality.Kolibri.Daemon.service.in
@@ -6,5 +6,6 @@ ConditionPathExists=/var/lib/flatpak/app/@KOLIBRI_FLATPAK_ID@
 Type=dbus
 BusName=@KOLIBRI_DAEMON_SERVICE@
 ExecStart=@libexecdir@/eos-kolibri-daemon
+DynamicUser=yes
 User=@KOLIBRI_USER@
-PrivateTmp=yes
+StateDirectory=kolibri
diff --git a/data/sysusers.d/eos-kolibri.conf.in b/data/sysusers.d/eos-kolibri.conf.in
deleted file mode 100644
index 9d997e7..0000000
--- a/data/sysusers.d/eos-kolibri.conf.in
+++ /dev/null
@@ -1 +0,0 @@
-u @KOLIBRI_USER@ - "Kolibri" @KOLIBRI_USER_HOME@
diff --git a/data/sysusers.d/meson.build b/data/sysusers.d/meson.build
deleted file mode 100644
index fc3d23a..0000000
--- a/data/sysusers.d/meson.build
+++ /dev/null
@@ -1,6 +0,0 @@
-configure_file(
- input: 'eos-kolibri.conf.in',
- output: 'eos-kolibri.conf',
- configuration: eos_kolibri_config,
- install_dir: systemd_sysusers_dir
-)
diff --git a/data/tmpfiles.d/eos-kolibri.conf.in b/data/tmpfiles.d/eos-kolibri.conf.in
deleted file mode 100644
index 3897673..0000000
--- a/data/tmpfiles.d/eos-kolibri.conf.in
+++ /dev/null
@@ -1,3 +0,0 @@
-d @KOLIBRI_USER_HOME@ 0755 @KOLIBRI_USER@ @KOLIBRI_USER@ - -
-d @KOLIBRI_DATA_DIR@ 0755 @KOLIBRI_USER@ @KOLIBRI_USER@ - -
-Z @KOLIBRI_USER_HOME@ 0755 @KOLIBRI_USER@ @KOLIBRI_USER@ - -
diff --git a/data/tmpfiles.d/meson.build b/data/tmpfiles.d/meson.build
deleted file mode 100644
index 7f1a462..0000000
--- a/data/tmpfiles.d/meson.build
+++ /dev/null
@@ -1,6 +0,0 @@
-configure_file(
- input: 'eos-kolibri.conf.in',
- output: 'eos-kolibri.conf',
- configuration: eos_kolibri_config,
- install_dir: systemd_tmpfiles_dir
-)
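Review bot: In data/systemd/dbus-org.learningequality.Kolibri.Daemon.service.in, `User=@KOLIBRI_USER@` stays next to the new `DynamicUser=yes`, and systemd uses a statically allocated account of that name when one exists instead of allocating a dynamic one. Machines that installed an earlier build still have the account created by the sysusers.d entry this commit deletes, so upgraded and fresh installs would run under different identities, and nothing visible here moves data that lived under @KOLIBRI_DATA_DIR@ into the new `StateDirectory=kolibri`. Dropping `PrivateTmp=yes` is harmless because DynamicUser= implies it, but that deserves a comment in the unit, for example `# DynamicUser=yes implies PrivateTmp=yes and NoNewPrivileges=yes`. The NoNewPrivileges part may matter for `flatpak run` if the sandbox helper on the target system is installed setuid, which should be confirmed on a fresh install.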
diff --git a/meson.build b/meson.build
index 56f66a8..c5f2d26 100644
--- a/meson.build
+++ b/meson.build
@@ -60,7 +60,6 @@ eos_kolibri_config.set('bindir', bindir)
 eos_kolibri_config.set('libexecdir', libexecdir)
 eos_kolibri_config.set('PYTHON', 'python3')
 eos_kolibri_config.set('KOLIBRI_USER', kolibri_user)
-eos_kolibri_config.set('KOLIBRI_USER_HOME', kolibri_user_home)
 eos_kolibri_config.set('KOLIBRI_DATA_DIR', kolibri_data_dir)
 eos_kolibri_config.set('KOLIBRI_FLATPAK_ID', kolibri_flatpak_id)
 eos_kolibri_config.set('KOLIBRI_DAEMON_SERVICE', kolibri_daemon_service)
diff --git a/meson_options.txt b/meson_options.txt
index 92ef725..ea42eff 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -33,13 +33,6 @@ option(
 description: 'user to create for the system service'
 )
-option(
- 'kolibri_user_home',
- type: 'string',
- value: '',
- description: 'home directory for the system user [default=$localstatedir/lib/kolibri]'
-)
-
 option(
 'kolibri_flatpak_id',
 type: 'string',
diff --git a/src/eos-kolibri-daemon.in b/src/eos-kolibri-daemon.in
index 21980da..6f8b90e 100644
--- a/src/eos-kolibri-daemon.in
+++ b/src/eos-kolibri-daemon.in
@@ -1,11 +1,15 @@
 #!/bin/sh
-: ${KOLIBRI_HOME:="@KOLIBRI_DATA_DIR@"}
+: ${STATE_DIRECTORY:=/var/lib/kolibri}
+
+echo "HOME: ${HOME}" > ${STATE_DIRECTORY}/info.txt
+export HOME="${STATE_DIRECTORY}"
+echo "HOME: ${HOME}" >> ${STATE_DIRECTORY}/info.txt
 @bindir@/flatpak run \
 --no-desktop \
- --env=KOLIBRI_HOME="${KOLIBRI_HOME}" \
- --filesystem="${KOLIBRI_HOME}" \
+ --env=KOLIBRI_HOME="${STATE_DIRECTORY}/data" \
+ --filesystem="${STATE_DIRECTORY}/data" \
 --system-own-name=@KOLIBRI_DAEMON_SERVICE@ \
 --command=/app/libexec/kolibri-gnome/kolibri-daemon \
 @KOLIBRI_FLATPAK_ID@ \
diff --git a/src/eos_kolibri_tools/config.py.in b/src/eos_kolibri_tools/config.py.in
index 37c82ff..8c240c0 100644
--- a/src/eos_kolibri_tools/config.py.in
+++ b/src/eos_kolibri_tools/config.py.in
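Review bot: The lines added to src/eos-kolibri-daemon.in that write `HOME: ${HOME}` into `${STATE_DIRECTORY}/info.txt` look like leftover debugging, and their redirection targets are unquoted. If they are meant to stay, quote the targets (`> "${STATE_DIRECTORY}/info.txt"`); otherwise keep only `export HOME="${STATE_DIRECTORY}"`. The script also hands `${STATE_DIRECTORY}/data` to `--filesystem` and `KOLIBRI_HOME` without creating it, so a `mkdir -p "${STATE_DIRECTORY}/data"` before the `flatpak run` call seems needed unless something outside this hunk creates the directory. KOLIBRI_DATA_DIR is no longer read here but is still set in meson.build and config.py.in, so the two can now disagree about where the data lives. The `flatpak run` command continues past the end of the hunk.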
@@ -4,6 +4,5 @@ KOLIBRI_APP_ID = 'org.learningequality.Kolibri' KOLIBRI_SYSTEMD_UNIT_NAME = 'eos-kolibri-system-helper' KOLIBRI_USER = '@KOLIBRI_USER@' -KOLIBRI_USER_HOME = '@KOLIBRI_USER_HOME@' KOLIBRI_DATA_DIR = '@KOLIBRI_DATA_DIR@' KOLIBRI_HTTP_PORT = '@KOLIBRI_PORT@'