isu: Separate session for amd process using --new-session

The DA team requested that the `amd` process running through ISU
sandboxing be executed in a separate session by calling `setsid()`.
This ensures that the `amd` daemon is properly separated from its
parent process and process group, which is a typical setup for
daemonized processes.

Previously, the session of the `amd` process was not separated,
which may lead to potential issues with process management. By adding
the `--new-session` flag to the ISU configuration, this request is
addressed.

Change-Id: If0bf6bc70f36004cf2dc81ea7b498c216cc240cb
(cherry picked from commit c8472601f850b70a27f559fc0d532ac5e0b40609)

diff --git a/isu/system-services/ac.service b/isu/system-services/ac.service
index 36ad8dc9f229b0f6ebb50f98a359ad1b0d38995c..216d3edb3ed12d86728b0b6f8b023775350f6511 100644 (file)
--- a/isu/system-services/ac.service
+++ b/isu/system-services/ac.service
@@ -25,6 +25,7 @@ ExecStart=/bin/isu-sandbox $ISU_SANDBOX_INVOCATION \
                      --cap-add CAP_DAC_OVERRIDE \
                      --cap-add CAP_SYS_ADMIN \
                      --set-listen-pid \
+                     --new-session \
                      /usr/bin/amd
 AmbientCapabilities=CAP_SETFCAP CAP_SETUID CAP_SETGID
 SecureBits=keep-caps