diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/98-fleet-org.freedesktop.systemd1.rules b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/98-fleet-org.freedesktop.systemd1.rules new file mode 100644 index 0000000000..92991c8fb8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/98-fleet-org.freedesktop.systemd1.rules @@ -0,0 +1,6 @@ +polkit.addRule(function(action, subject) { + if (action.id.indexOf("org.freedesktop.systemd1.") == 0 && + subject.user == "fleet") { + return polkit.Result.YES; + } +}); diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/fleet.service b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/fleet.service index 73114f24f6..cd3761ff5e 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/fleet.service +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/fleet.service @@ -8,6 +8,7 @@ Wants=fleet.socket After=fleet.socket [Service] +User=fleet Environment=GOMAXPROCS=1 ExecStart=/usr/bin/fleetd Restart=always diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/fleet.socket b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/fleet.socket index e094eb7cab..c3e6502974 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/fleet.socket +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/fleet.socket @@ -4,4 +4,6 @@ PartOf=fleet.service [Socket] ListenStream=/var/run/fleet.sock - +SocketMode=0660 +SocketUser=fleet +SocketGroup=fleet diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/sysusers.d/fleet.conf b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/sysusers.d/fleet.conf new file mode 100644 index 0000000000..b1da6aecf2 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/sysusers.d/fleet.conf 
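Review bot: The new rule returns `polkit.Result.YES` for every action id beginning with `org.freedesktop.systemd1.`, so the `fleet` account may manage any unit and unit file on the host. That is close to root-equivalent and gives back most of the isolation that `User=fleet` in fleet.service is meant to provide. Consider matching only the actions fleetd calls, e.g. `var allowed = ["org.freedesktop.systemd1.manage-units", "org.freedesktop.systemd1.manage-unit-files", "org.freedesktop.systemd1.reload-daemon"];` with `if (subject.user === "fleet" && allowed.indexOf(action.id) !== -1)`; the exact list should be confirmed against fleetd's D-Bus usage. A header comment in the rules file should state that anyone who can reach fleet.sock inherits this privilege through fleetd. The loose `== 0` / `== "fleet"` comparisons would also read better as `===`.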
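Review bot: With `SocketMode=0660` and `SocketGroup=fleet` in fleet.socket, membership of the `fleet` group becomes the only access check on the fleet API, and the sysusers.d hunk adds `core` to that group; neither file documents this. A comment above the three added lines would make the boundary explicit, for example `# Group "fleet" is the access control for the fleet API; keep membership minimal`. The socket also stays at `/var/run/fleet.sock` while the tmpfiles.d hunk creates a separate `/var/run/fleet` directory, so a one-line comment in tmpfiles.d/fleet.conf saying what that directory holds would remove the ambiguity.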
@@ -0,0 +1,4 @@ +# create fleet user and group +u fleet 253 - - +# add core to fleet group +m core fleet - - diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/tmpfiles.d/fleet.conf b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/tmpfiles.d/fleet.conf new file mode 100644 index 0000000000..6da9b0b907 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/files/tmpfiles.d/fleet.conf @@ -0,0 +1 @@ +d /var/run/fleet 0750 fleet fleet - - diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/fleet-0.11.5-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/fleet-0.11.5-r3.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-admin/fleet/fleet-0.11.5-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-admin/fleet/fleet-0.11.5-r3.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/fleet-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/fleet-9999.ebuild index 452304919a..54105f95c8 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/fleet-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-admin/fleet/fleet-9999.ebuild @@ -34,6 +34,15 @@ src_install() { systemd_dounit "${FILESDIR}"/${PN}.service systemd_dounit "${FILESDIR}"/${PN}.socket + systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/${PN}.conf" + + # Grant systemd1 access for fleet user + insinto /usr/share/polkit-1/rules.d + doins "${FILESDIR}"/98-fleet-org.freedesktop.systemd1.rules + + # Install sysusers.d snippet which adds fleet group and adds core user into it + insinto /usr/lib/sysusers.d/ + newins "${FILESDIR}"/sysusers.d/${PN}.conf ${PN}.conf coreos-dodoc -r Documentation/* }
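Review bot: `u fleet 253 - -` pins the UID/GID without saying why 253 was chosen or where it is reserved, which invites a collision on images that already allocate that id. If it is reserved in the base passwd/group files, say so in the comment, e.g. `# create fleet user and group (253 is reserved for fleet in baselayout)`; that wording is an assumption to confirm. The comment on `m core fleet - -` should give the reason rather than restate the line, e.g. `# core needs group fleet to use fleetctl via /var/run/fleet.sock`. As I read sysusers.d(5), an `m` line also creates the named user implicitly when it does not exist, which is worth confirming for images without a `core` user.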
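Review bot: In `src_install`, `newins "${FILESDIR}"/sysusers.d/${PN}.conf ${PN}.conf` keeps the same file name, so `doins "${FILESDIR}"/sysusers.d/${PN}.conf` is enough and matches the `doins` used for the polkit rule just above. The two `insinto` paths are also written inconsistently (`/usr/share/polkit-1/rules.d` versus `/usr/lib/sysusers.d/` with a trailing slash). The function begins above this hunk, and no dependency change is visible here: since fleetd now runs unprivileged and relies on the polkit rule to reach systemd, the ebuild's RDEPEND should name polkit if it does not already.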