Change askuser to non-root daemon.

- Use '/run/user_ext' for askuser-notification.socket
- Set uid and gid for askuser service.

Change-Id: If709f1e5d5e20e9a3863bed6ee54a12b23d074a7

diff --git a/src/common/config/Path.cpp b/src/common/config/Path.cpp
index c6f6869..fece8df 100644 (file)
--- a/src/common/config/Path.cpp
+++ b/src/common/config/Path.cpp
@@ -32,7 +32,7 @@ const std::string &getSocketPath() {
     return socketPath;
 }
 
-const std::string userPathFormatPrefix = "/run/user/";
+const std::string userPathFormatPrefix = "/run/user_ext/";
 const std::string userPathFormatSuffix = "/askuser-notification.socket";
 
 std::string getUserSocketPath(uid_t uid) {

diff --git a/systemd/askuser-notification.socket b/systemd/askuser-notification.socket
index 0df0696..194ab60 100644 (file)
--- a/systemd/askuser-notification.socket
+++ b/systemd/askuser-notification.socket
@@ -1,8 +1,9 @@
 [Socket]
-ListenStream=/run/user/%U/askuser-notification.socket
+ListenStream=/run/user_ext/%U/askuser-notification.socket
 SocketMode=0770
 
 Service=askuser-notification.service
+ExecStartPost=/usr/bin/chmod 0666 /run/user_ext/%U/askuser-notification.socket
 
 [Install]
 WantedBy=sockets.target

diff --git a/systemd/askuser.service b/systemd/askuser.service
index b3e863f..2e36470 100644 (file)
--- a/systemd/askuser.service
+++ b/systemd/askuser.service
@@ -12,6 +12,8 @@ TimeoutStopSec=3
 Restart=always
 
 UMask=0000
+User=security_fw
+Group=security_fw
 
 #Environment="ASKUSER_LOG_LEVEL=LOG_DEBUG"