Unity 8

Merge lp:~lool/unity8/unity8-setcap into lp:unity8

unity8-setcap
Merge into trunk

Proposed by Loïc Minier on 2013-10-15

Status:

Merged

Approved by:

Michał Sawicz on 2013-10-15

Approved revision:

464

Merged at revision:

464

Proposed branch:

lp:~lool/unity8/unity8-setcap

Merge into:

lp:unity8

Diff against target:

58 lines (+35/-0)

3 files modified

data/unity8-setcap.conf (+32/-0)
debian/control (+2/-0)
debian/unity8.install (+1/-0)

To merge this branch:

bzr merge lp:~lool/unity8/unity8-setcap

High

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
PS Jenkins bot (community)	continuous-integration		Needs Fixing on 2013-10-15
Michał Sawicz		2013-10-15	Approve on 2013-10-15
Review via email: mp+191191@code.launchpad.net

Commit message

Add upstart job to copy unity8 to a new tmpfs, setcap it, and bind-mount it back; this is an ugly hack to set CAP_SYS_RESOURCE until we have a root-helper for it.

Description of the change

Add upstart job to copy unity8 to a new tmpfs, setcap it, and bind-mount it back; this is an ugly hack to set CAP_SYS_RESOURCE until we have a root-helper for it.

Revision history for this message

Michał Sawicz (saviq) wrote on 2013-10-15:

Ohkay... if we have to... :/

review: Approve

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2013-10-15:

Click here to trigger a rebuild:
http://10.97.0.26:8080/job/unity8-ci/1412/rebuild

review: Needs Fixing (continuous-integration)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Loïc Minier

Mohammad Rakibul Hasan

Unity Team

 === added file 'data/unity8-setcap.conf'
 --- data/unity8-setcap.conf	1970-01-01 00:00:00 +0000
 +++ data/unity8-setcap.conf	2013-10-15 14:16:12 +0000
@@ -0,0 +1,32 @@
++# unity8-setcap - ugly hacks to arrange for /usr/bin/unity8 to have CAP_SYS_RESOURCE
++
++# XXX replace me with some root-helper to gain CAP_SYS_RESOURCE XXX
++
++author "Loïc Minier <loic.minier@ubuntu.com>"
++description "Ugly hacks to arrange for /usr/bin/unity8 to have CAP_SYS_RESOURCE"
++
++# start when first boot-hooks event is emitted and before lightdm (lightdm
++# starts ubuntu-touch-session which starts unity8); note that /run is
++# guaranteeds to be be there because lightdm starts on filesystem
++start on boot-hooks and starting lightdm
++
++# NOT a task as otherwise this would block restarting lightdm
++
++env RUNDIR=/run/unity8-setcap
++
++# work needs to be done in pre-start as this really is a job with nothing to
++# start
++pre-start script
++    if [ ! -e "$RUNDIR" ]; then
++        mkdir "$RUNDIR"
++        # /run is noexec, hence mounting another tmpfs exec
++        # NB: unity8 is 35K; 512K should be enough for everyone
++        mount -o rw,nosuid,nodev,exec,relatime,mode=755,size=512k -t tmpfs tmpfs "$RUNDIR"
++        cp -a /usr/bin/unity8 "$RUNDIR"
++        setcap CAP_SYS_RESOURCE=+ep "$RUNDIR/unity8"
++        # bind-mount this back as unity8 checks dirname(argv[0]'s) == /usr to
++        # decide whether it's installed or not
++        mount --bind "$RUNDIR/unity8" /usr/bin/unity8
++    fi
++end script
++
 === modified file 'debian/control'
 --- debian/control	2013-10-14 23:17:21 +0000
 +++ debian/control	2013-10-15 14:16:12 +0000
@@ -78,6 +78,8 @@
           unity8-fake-env | qtubuntu-shell,
           unity8-private (= ${binary:Version}),
           unity8-private | unity-launcher-impl,
++# for setcap:
++         libcap2-bin,
           ${misc:Depends},
           ${shlibs:Depends},
  Recommends: ${unity-default-masterscopes},
 === modified file 'debian/unity8.install'
 --- debian/unity8.install	2013-10-14 08:31:39 +0000
 +++ debian/unity8.install	2013-10-15 14:16:12 +0000
@@ -14,3 +14,4 @@
  usr/share/unity8/SideStage
  usr/share/unity8/graphics
  data/unity8.conf usr/share/upstart/sessions/
++data/unity8-setcap.conf etc/init/boot-hooks/