isu: Separate session for amd process using --new-session

The DA team requested that the `amd` process running through ISU
sandboxing be executed in a separate session by calling `setsid()`.
This ensures that the `amd` daemon is properly separated from its
parent process and process group, which is a typical setup for
daemonized processes.

Previously, the session of the `amd` process was not separated,
which may lead to potential issues with process management. By adding
the `--new-session` flag to the ISU configuration, this request is
addressed.

Change-Id: If0bf6bc70f36004cf2dc81ea7b498c216cc240cb

diff --git a/isu/system-services/ac.service b/isu/system-services/ac.service
index 4b1f53665d1ad07fcc4cee08ab36093174d5ecd1..f427a20622f15ff7f1716a8b571cd65eca07e27c 100644 (file)
--- a/isu/system-services/ac.service
+++ b/isu/system-services/ac.service
@@ -26,6 +26,7 @@ ExecStart=/bin/isu-sandbox $ISU_SANDBOX_INVOCATION \
                      --cap-add CAP_SYS_ADMIN \
                      --cap-add CAP_FOWNER \
                      --set-listen-pid \
+                     --new-session \
                      /usr/bin/amd
 AmbientCapabilities=CAP_SETFCAP CAP_SETUID CAP_SETGID
 SecureBits=keep-caps