From ab358274393cd7dfa9b0211049153a3c38bd909e Mon Sep 17 00:00:00 2001
From: Duncan Sommerville <duncan.sommerville@gmail.com>
Date: Thu, 8 Jan 2015 12:56:09 -0500
Subject: [PATCH] Different approach for running airtime services as
unprivileged user
---
installer/install | 6 ++-
installer/lib/Upstart.conf | 71 -------------------------
installer/lib/airtime-session-init.conf | 13 +++++
python_apps/media-monitor/setup.py | 2 +-
python_apps/pypo/setup.py | 2 +-
5 files changed, 19 insertions(+), 75 deletions(-)
delete mode 100644 installer/lib/Upstart.conf
create mode 100644 installer/lib/airtime-session-init.conf
diff --git a/installer/install b/installer/install
index 0281fa058..2e83bd98d 100755
--- a/installer/install
+++ b/installer/install
@@ -374,12 +374,14 @@ verbose "\n * Creating liquidsoap symlink..."
ln -sf /usr/bin/liquidsoap /usr/bin/airtime-liquidsoap
verbose "...Done"
-sed "s@WEB_USER@${web_user}@g" ${SCRIPT_DIR}/lib/Upstart.conf > /etc/dbus-1/system.d/Upstart.conf
-chmod 644 /etc/init/airtime*
+sed "s@WEB_USER@${web_user}@g;s@WEB_ROOT@${web_root}@g" ${SCRIPT_DIR}/lib/airtime-session-init.conf > /etc/init/airtime-session-init.conf
+chmod 644 /etc/init/airtime/*
service dbus restart
initctl reload-configuration
+service airtime-session-init start
+
if [ ! -d /var/log/airtime ]; then
loud "\n-----------------------------------------------------"
loud " * Installing Log Files * "
diff --git a/installer/lib/Upstart.conf b/installer/lib/Upstart.conf
deleted file mode 100644
index 2c59dc380..000000000
--- a/installer/lib/Upstart.conf
+++ /dev/null
@@ -1,71 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE busconfig PUBLIC
- "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-
-<busconfig>
- <!-- Only the root user can own the Upstart name -->
- <policy user="root">
- <allow own="com.ubuntu.Upstart" />
- </policy>
-
- <!-- Permit the root user to invoke all of the methods on Upstart, its jobs
- or their instances, and to get and set properties. -->
- <policy user="root">
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="org.freedesktop.DBus.Properties" />
-
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="com.ubuntu.Upstart0_6" />
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="com.ubuntu.Upstart0_6.Job" />
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="com.ubuntu.Upstart0_6.Instance" />
- </policy>
-
- <!-- Allow any user to introspect Upstart's interfaces, to obtain the
- values of properties (but not set them) and to invoke selected
- methods on Upstart and its jobs that are used to walk information. -->
- <policy context="default">
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="org.freedesktop.DBus.Introspectable" />
-
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="org.freedesktop.DBus.Properties"
- send_type="method_call" send_member="Get" />
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="org.freedesktop.DBus.Properties"
- send_type="method_call" send_member="GetAll" />
-
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="com.ubuntu.Upstart0_6"
- send_type="method_call" send_member="GetJobByName" />
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="com.ubuntu.Upstart0_6"
- send_type="method_call" send_member="GetAllJobs" />
-
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="com.ubuntu.Upstart0_6.Job"
- send_type="method_call" send_member="GetInstance" />
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="com.ubuntu.Upstart0_6.Job"
- send_type="method_call" send_member="GetInstanceByName" />
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="com.ubuntu.Upstart0_6.Job"
- send_type="method_call" send_member="GetAllInstances" />
- </policy>
-
- <!-- Permit the web user to invoke all of the methods on Upstart, its jobs
- or their instances, and to get and set properties. -->
- <policy user="WEB_USER">
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="org.freedesktop.DBus.Properties" />
-
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="com.ubuntu.Upstart0_6" />
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="com.ubuntu.Upstart0_6.Job" />
- <allow send_destination="com.ubuntu.Upstart"
- send_interface="com.ubuntu.Upstart0_6.Instance" />
- </policy>
-</busconfig>
\ No newline at end of file
diff --git a/installer/lib/airtime-session-init.conf b/installer/lib/airtime-session-init.conf
new file mode 100644
index 000000000..7b0af74c7
--- /dev/null
+++ b/installer/lib/airtime-session-init.conf
@@ -0,0 +1,13 @@
+instance WEB_USER
+
+stop on runlevel [016]
+
+script
+ uid=WEB_USER
+ HOME=WEB_ROOT
+
+ export XDG_RUNTIME_DIR="/run/airtime"
+ export HOME
+
+ exec su -s /bin/sh -c 'exec "$0" "$@"' $USER -- init --user --confdir /etc/init/airtime
+end script
\ No newline at end of file
diff --git a/python_apps/media-monitor/setup.py b/python_apps/media-monitor/setup.py
index c35c36131..3f8c04444 100755
--- a/python_apps/media-monitor/setup.py
+++ b/python_apps/media-monitor/setup.py
@@ -12,7 +12,7 @@ if '--no-init-script' in sys.argv:
data_files = []
sys.argv.remove('--no-init-script') # super hax
else:
- data_files = [('/etc/init', ['install/airtime-media-monitor.conf'])]
+ data_files = [('/etc/init/airtime', ['install/airtime-media-monitor.conf'])]
print data_files
setup(name='airtime-media-monitor',
diff --git a/python_apps/pypo/setup.py b/python_apps/pypo/setup.py
index 955e75cce..542332324 100755
--- a/python_apps/pypo/setup.py
+++ b/python_apps/pypo/setup.py
@@ -12,7 +12,7 @@ if '--no-init-script' in sys.argv:
data_files = []
sys.argv.remove('--no-init-script') # super hax
else:
- data_files = [('/etc/init', ['install/airtime-playout.conf', 'install/airtime-liquidsoap.conf'])]
+ data_files = [('/etc/init/airtime', ['install/airtime-playout.conf', 'install/airtime-liquidsoap.conf'])]
print data_files
setup(name='airtime-playout',