Added fleet user and group, added polkit rule for fleet

sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/98-fleet-org.freedesktop.systemd1.rules

@@ -0,0 +1,6 @@
+polkit.addRule(function(action, subject) {
+  if (action.id.indexOf("org.freedesktop.systemd1.") == 0 &&
+      subject.user == "fleet") {
+        return polkit.Result.YES;
+  }
+});

sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/fleet.service

@@ -8,6 +8,7 @@ Wants=fleet.socket
 After=fleet.socket
 
 [Service]
+User=fleet
 Environment=GOMAXPROCS=1
 ExecStart=/usr/bin/fleetd
 Restart=always

sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/fleet.socket

@@ -4,4 +4,6 @@ PartOf=fleet.service
 
 [Socket]
 ListenStream=/var/run/fleet.sock
-
+SocketMode=0660
+SocketUser=fleet
+SocketGroup=fleet

sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/sysusers.d/fleet.conf

@@ -0,0 +1,4 @@
+# create fleet user and group
+u fleet 253 - -
+# add core to fleet group
+m core fleet - -

sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/tmpfiles.d/fleet.conf

@@ -0,0 +1 @@
+d    /var/run/fleet 0750 fleet fleet - -

sdk_container/src/third_party/coreos-overlay/app-admin/fleet/fleet-9999.ebuild

@@ -34,6 +34,15 @@ src_install() {
 
 	systemd_dounit "${FILESDIR}"/${PN}.service
 	systemd_dounit "${FILESDIR}"/${PN}.socket
+	systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/${PN}.conf"
+
+	# Grant systemd1 access for fleet user
+	insinto /usr/share/polkit-1/rules.d
+	doins "${FILESDIR}"/98-fleet-org.freedesktop.systemd1.rules
+
+	# Install sysusers.d snippet which adds fleet group and adds core user into it
+	insinto /usr/lib/sysusers.d/
+	newins "${FILESDIR}"/sysusers.d/${PN}.conf ${PN}.conf
 
 	coreos-dodoc -r Documentation/*
 }