From ab358274393cd7dfa9b0211049153a3c38bd909e Mon Sep 17 00:00:00 2001
From: Duncan Sommerville <duncan.sommerville@gmail.com>
Date: Thu, 8 Jan 2015 12:56:09 -0500
Subject: [PATCH] Different approach for running airtime services as
 unprivileged user

---
 installer/install                       |  6 ++-
 installer/lib/Upstart.conf              | 71 -------------------------
 installer/lib/airtime-session-init.conf | 13 +++++
 python_apps/media-monitor/setup.py      |  2 +-
 python_apps/pypo/setup.py               |  2 +-
 5 files changed, 19 insertions(+), 75 deletions(-)
 delete mode 100644 installer/lib/Upstart.conf
 create mode 100644 installer/lib/airtime-session-init.conf

diff --git a/installer/install b/installer/install
index 0281fa058..2e83bd98d 100755
--- a/installer/install
+++ b/installer/install
@@ -374,12 +374,14 @@ verbose "\n * Creating liquidsoap symlink..."
 ln -sf /usr/bin/liquidsoap /usr/bin/airtime-liquidsoap
 verbose "...Done"
 
-sed "s@WEB_USER@${web_user}@g" ${SCRIPT_DIR}/lib/Upstart.conf > /etc/dbus-1/system.d/Upstart.conf
-chmod 644 /etc/init/airtime*
+sed "s@WEB_USER@${web_user}@g;s@WEB_ROOT@${web_root}@g" ${SCRIPT_DIR}/lib/airtime-session-init.conf > /etc/init/airtime-session-init.conf
+chmod 644 /etc/init/airtime/*
 
 service dbus restart
 initctl reload-configuration
 
+service airtime-session-init start
+
 if [ ! -d /var/log/airtime ]; then
     loud "\n-----------------------------------------------------"
     loud "              * Installing Log Files *               "
diff --git a/installer/lib/Upstart.conf b/installer/lib/Upstart.conf
deleted file mode 100644
index 2c59dc380..000000000
--- a/installer/lib/Upstart.conf
+++ /dev/null
@@ -1,71 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE busconfig PUBLIC
-  "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
-  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
-
-<busconfig>
-  <!-- Only the root user can own the Upstart name -->
-  <policy user="root">
-    <allow own="com.ubuntu.Upstart" />
-  </policy>
-
-  <!-- Permit the root user to invoke all of the methods on Upstart, its jobs
-       or their instances, and to get and set properties. -->
-  <policy user="root">
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="org.freedesktop.DBus.Properties" />
-
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="com.ubuntu.Upstart0_6" />
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="com.ubuntu.Upstart0_6.Job" />
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="com.ubuntu.Upstart0_6.Instance" />
-  </policy>
-
-  <!-- Allow any user to introspect Upstart's interfaces, to obtain the
-       values of properties (but not set them) and to invoke selected
-       methods on Upstart and its jobs that are used to walk information. -->
-  <policy context="default">
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="org.freedesktop.DBus.Introspectable" />
-
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="org.freedesktop.DBus.Properties"
-       send_type="method_call" send_member="Get" />
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="org.freedesktop.DBus.Properties"
-       send_type="method_call" send_member="GetAll" />
-
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="com.ubuntu.Upstart0_6"
-       send_type="method_call" send_member="GetJobByName" />
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="com.ubuntu.Upstart0_6"
-       send_type="method_call" send_member="GetAllJobs" />
-
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="com.ubuntu.Upstart0_6.Job"
-       send_type="method_call" send_member="GetInstance" />
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="com.ubuntu.Upstart0_6.Job"
-       send_type="method_call" send_member="GetInstanceByName" />
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="com.ubuntu.Upstart0_6.Job"
-       send_type="method_call" send_member="GetAllInstances" />
-  </policy>
-  
-  <!-- Permit the web user to invoke all of the methods on Upstart, its jobs
-       or their instances, and to get and set properties. -->
-  <policy user="WEB_USER">
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="org.freedesktop.DBus.Properties" />
-
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="com.ubuntu.Upstart0_6" />
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="com.ubuntu.Upstart0_6.Job" />
-    <allow send_destination="com.ubuntu.Upstart"
-       send_interface="com.ubuntu.Upstart0_6.Instance" />
-  </policy>
-</busconfig>
\ No newline at end of file
diff --git a/installer/lib/airtime-session-init.conf b/installer/lib/airtime-session-init.conf
new file mode 100644
index 000000000..7b0af74c7
--- /dev/null
+++ b/installer/lib/airtime-session-init.conf
@@ -0,0 +1,13 @@
+instance WEB_USER
+
+stop on runlevel [016]
+
+script
+  uid=WEB_USER
+  HOME=WEB_ROOT
+
+  export XDG_RUNTIME_DIR="/run/airtime"
+  export HOME
+
+  exec su -s /bin/sh -c 'exec "$0" "$@"' $USER -- init --user --confdir /etc/init/airtime
+end script
\ No newline at end of file
diff --git a/python_apps/media-monitor/setup.py b/python_apps/media-monitor/setup.py
index c35c36131..3f8c04444 100755
--- a/python_apps/media-monitor/setup.py
+++ b/python_apps/media-monitor/setup.py
@@ -12,7 +12,7 @@ if '--no-init-script' in sys.argv:
     data_files = []
     sys.argv.remove('--no-init-script') # super hax
 else:
-    data_files = [('/etc/init', ['install/airtime-media-monitor.conf'])]
+    data_files = [('/etc/init/airtime', ['install/airtime-media-monitor.conf'])]
     print data_files
 
 setup(name='airtime-media-monitor',
diff --git a/python_apps/pypo/setup.py b/python_apps/pypo/setup.py
index 955e75cce..542332324 100755
--- a/python_apps/pypo/setup.py
+++ b/python_apps/pypo/setup.py
@@ -12,7 +12,7 @@ if '--no-init-script' in sys.argv:
     data_files = []
     sys.argv.remove('--no-init-script') # super hax
 else:
-    data_files = [('/etc/init', ['install/airtime-playout.conf', 'install/airtime-liquidsoap.conf'])]
+    data_files = [('/etc/init/airtime', ['install/airtime-playout.conf', 'install/airtime-liquidsoap.conf'])]
     print data_files
 
 setup(name='airtime-playout',