From 1ce33582fffe6558a6418c3e2f52b443490c6a49 Mon Sep 17 00:00:00 2001
From: Dylan McCall
Date: Fri, 22 Jan 2021 14:54:42 -0800
Subject: [PATCH] Use DynamicUser instead of static users

To allow this, we need a more lenient policy for owning the service's name on the system bus.
---
 data/dbus/org.learningequality.Kolibri.Daemon.conf.in | 6 +-----
 data/dbus/org.learningequality.Kolibri.Daemon.service.in | 2 +-
 data/meson.build | 2 --
 .../dbus-org.learningequality.Kolibri.Daemon.service.in | 5 ++++-
 data/sysusers.d/eos-kolibri.conf.in | 1 -
 data/sysusers.d/meson.build | 6 ------
 data/tmpfiles.d/eos-kolibri.conf.in | 3 ---
 data/tmpfiles.d/meson.build | 6 ------
 meson.build | 7 +------
 meson_options.txt | 7 -------
 src/eos-kolibri-daemon.in | 6 +++++-
 src/eos_kolibri/config.py.in | 3 +--
 12 files changed, 13 insertions(+), 41 deletions(-)
 delete mode 100644 data/sysusers.d/eos-kolibri.conf.in
 delete mode 100644 data/sysusers.d/meson.build
 delete mode 100644 data/tmpfiles.d/eos-kolibri.conf.in
 delete mode 100644 data/tmpfiles.d/meson.build

diff --git a/data/dbus/org.learningequality.Kolibri.Daemon.conf.in b/data/dbus/org.learningequality.Kolibri.Daemon.conf.in
index e4e8742..d26edca 100644
--- a/data/dbus/org.learningequality.Kolibri.Daemon.conf.in
+++ b/data/dbus/org.learningequality.Kolibri.Daemon.conf.in
@@ -1,13 +1,9 @@ - - - - - +
diff --git a/data/dbus/org.learningequality.Kolibri.Daemon.service.in b/data/dbus/org.learningequality.Kolibri.Daemon.service.in
index 4bbf0ed..c0bc1c8 100644
--- a/data/dbus/org.learningequality.Kolibri.Daemon.service.in
+++ b/data/dbus/org.learningequality.Kolibri.Daemon.service.in
@@ -1,5 +1,5 @@
 [D-BUS Service]
 Name=@KOLIBRI_DAEMON_SERVICE@
 Exec=/bin/false
-User=@KOLIBRI_USER@
+User=root
 SystemdService=dbus-@KOLIBRI_DAEMON_SERVICE@.service
diff --git a/data/meson.build b/data/meson.build
index 155d8a8..926c530 100644
--- a/data/meson.build
+++ b/data/meson.build
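Review bot: The ownership rule for the bus name in org.learningequality.Kolibri.Daemon.conf.in should carry a comment stating who may now own the name and why. The policy elements are not legible in this view, so this is inferred from the commit description, which says the policy was made more lenient. If the rule now lets any user own the name, a local process that registers it before the daemon starts would be the one clients reach at the well-known name; one possible narrowing is to keep the rule tied to the `@KOLIBRI_USER@` name that the unit still sets with `User=`, which needs confirming because the bus daemon may not be able to resolve a dynamic user when it loads the file. The `User=root` line in the .service.in hunk would benefit from a similar comment, since `Exec=/bin/false` together with `SystemdService=` suggests it only matters when systemd activation is unavailable.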
@@ -1,6 +1,4 @@
 subdir('dbus')
 subdir('environment.d')
 subdir('systemd')
-subdir('sysusers.d')
-subdir('tmpfiles.d')
diff --git a/data/systemd/dbus-org.learningequality.Kolibri.Daemon.service.in b/data/systemd/dbus-org.learningequality.Kolibri.Daemon.service.in
index be3fe1c..9e120f9 100644
--- a/data/systemd/dbus-org.learningequality.Kolibri.Daemon.service.in
+++ b/data/systemd/dbus-org.learningequality.Kolibri.Daemon.service.in
@@ -6,5 +6,8 @@ ConditionPathExists=/var/lib/flatpak/app/@KOLIBRI_FLATPAK_ID@
 Type=dbus
 BusName=@KOLIBRI_DAEMON_SERVICE@
 ExecStart=@libexecdir@/eos-kolibri-daemon
+DynamicUser=yes
 User=@KOLIBRI_USER@
-PrivateTmp=yes
+RuntimeDirectory=kolibri
+StateDirectory=kolibri
+Environment=HOME=%t/kolibri
diff --git a/data/sysusers.d/eos-kolibri.conf.in b/data/sysusers.d/eos-kolibri.conf.in
deleted file mode 100644
index 9d997e7..0000000
--- a/data/sysusers.d/eos-kolibri.conf.in
+++ /dev/null
@@ -1 +0,0 @@
-u @KOLIBRI_USER@ - "Kolibri" @KOLIBRI_USER_HOME@
diff --git a/data/sysusers.d/meson.build b/data/sysusers.d/meson.build
deleted file mode 100644
index fc3d23a..0000000
--- a/data/sysusers.d/meson.build
+++ /dev/null
@@ -1,6 +0,0 @@
-configure_file(
- input: 'eos-kolibri.conf.in',
- output: 'eos-kolibri.conf',
- configuration: eos_kolibri_config,
- install_dir: systemd_sysusers_dir
-)
diff --git a/data/tmpfiles.d/eos-kolibri.conf.in b/data/tmpfiles.d/eos-kolibri.conf.in
deleted file mode 100644
index 3897673..0000000
--- a/data/tmpfiles.d/eos-kolibri.conf.in
+++ /dev/null
@@ -1,3 +0,0 @@
-d @KOLIBRI_USER_HOME@ 0755 @KOLIBRI_USER@ @KOLIBRI_USER@ - -
-d @KOLIBRI_DATA_DIR@ 0755 @KOLIBRI_USER@ @KOLIBRI_USER@ - -
-Z @KOLIBRI_USER_HOME@ 0755 @KOLIBRI_USER@ @KOLIBRI_USER@ - -
diff --git a/data/tmpfiles.d/meson.build b/data/tmpfiles.d/meson.build
deleted file mode 100644
index 7f1a462..0000000
--- a/data/tmpfiles.d/meson.build
+++ /dev/null
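Review bot: `Environment=HOME=%t/kolibri` in the dbus-org.learningequality.Kolibri.Daemon.service.in hunk puts the daemon's home in the runtime directory, which systemd removes when the unit stops, so anything written under $HOME rather than under the state directory is lost on every restart. If that is intended, say so in the unit, for example `# HOME is scratch space; persistent data lives under StateDirectory`. Dropping `PrivateTmp=yes` does not weaken the sandbox, because `DynamicUser=yes` implies it, but a one-line comment to that effect would keep a later reader from questioning the removal. Only the tail of the [Service] section is visible in this hunk.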
@@ -1,6 +0,0 @@
-configure_file(
- input: 'eos-kolibri.conf.in',
- output: 'eos-kolibri.conf',
- configuration: eos_kolibri_config,
- install_dir: systemd_tmpfiles_dir
-)
diff --git a/meson.build b/meson.build
index 1267c31..3e778a0 100644
--- a/meson.build
+++ b/meson.build
@@ -51,12 +51,8 @@ dbus_system_conf_dir = join_paths(datadir, 'dbus-1', 'system.d')
 kolibri_user = get_option('kolibri_user')
-kolibri_user_home = get_option('kolibri_user_home')
-if kolibri_user_home == ''
- kolibri_user_home = join_paths(get_option('prefix'), get_option('localstatedir'), 'lib', 'kolibri')
-endif
+kolibri_data_dir = join_paths(get_option('prefix'), get_option('localstatedir'), 'lib', 'kolibri', 'data')
-kolibri_data_dir = join_paths(kolibri_user_home, 'data')
 kolibri_flatpak_id = get_option('kolibri_flatpak_id')
 kolibri_daemon_service = '@0@.Daemon'.format(kolibri_flatpak_id)
@@ -66,7 +62,6 @@ eos_kolibri_config.set('libexecdir', libexecdir)
 eos_kolibri_config.set('PYTHON', 'python3')
 eos_kolibri_config.set('PYTHON_INSTALL_DIR', python_install_dir)
 eos_kolibri_config.set('KOLIBRI_USER', kolibri_user)
-eos_kolibri_config.set('KOLIBRI_USER_HOME', kolibri_user_home)
 eos_kolibri_config.set('KOLIBRI_DATA_DIR', kolibri_data_dir)
 eos_kolibri_config.set('KOLIBRI_FLATPAK_ID', kolibri_flatpak_id)
 eos_kolibri_config.set('KOLIBRI_DAEMON_SERVICE', kolibri_daemon_service)
diff --git a/meson_options.txt b/meson_options.txt
index 92ef725..ea42eff 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -33,13 +33,6 @@ option(
 description: 'user to create for the system service'
 )
-option(
- 'kolibri_user_home',
- type: 'string',
- value: '',
- description: 'home directory for the system user [default=$localstatedir/lib/kolibri]'
-)
-
 option(
 'kolibri_flatpak_id',
 type: 'string',
diff --git a/src/eos-kolibri-daemon.in b/src/eos-kolibri-daemon.in
index b6bf4cc..54a100d 100644
--- a/src/eos-kolibri-daemon.in
+++ b/src/eos-kolibri-daemon.in
@@ -1,6 +1,10 @@
 #!/bin/sh
-: ${KOLIBRI_HOME:="@KOLIBRI_DATA_DIR@"}
+: ${STATE_DIRECTORY:=/var/lib/kolibri}
+
+export KOLIBRI_HOME="${STATE_DIRECTORY}/data"
+
+mkdir -p "${KOLIBRI_HOME}"
 @bindir@/flatpak run \
 --no-desktop \
diff --git a/src/eos_kolibri/config.py.in b/src/eos_kolibri/config.py.in
index 692a730..17dad48 100644
--- a/src/eos_kolibri/config.py.in
+++ b/src/eos_kolibri/config.py.in
@@ -1,7 +1,6 @@
 #!/usr/bin/python3
+KOLIBRI_DATA_DIR = '@KOLIBRI_DATA_DIR@'
 KOLIBRI_FLATPAK_ID = '@KOLIBRI_FLATPAK_ID@'
 KOLIBRI_SYSTEMD_SERVICE_NAME = 'dbus-@KOLIBRI_DAEMON_SERVICE@.service'
-
 KOLIBRI_USER = '@KOLIBRI_USER@'
-KOLIBRI_DATA_DIR = '@KOLIBRI_DATA_DIR@'
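Review bot: The `mkdir -p "${KOLIBRI_HOME}"` added in src/eos-kolibri-daemon.in is unchecked, so when the directory cannot be created the script still goes on to `flatpak run`; `mkdir -p "${KOLIBRI_HOME}" || exit 1` would stop it there. The fallback `/var/lib/kolibri` is hard-coded, while meson.build still derives `KOLIBRI_DATA_DIR` from prefix and localstatedir and config.py.in still exports it, so the two paths can disagree on a build with a non-default localstatedir. `KOLIBRI_HOME` is also now overwritten unconditionally where the old line honoured a value from the environment; if that is deliberate, a short comment would help. The `flatpak run` command continues past the end of the hunk.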