Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[devicelock] use systemd-provided socket for hostservice. Fixes JB#49389
Adjust socket permissions for nemo-sevicelock.socket to make it
accessible by root:privileged.
  • Loading branch information
NotKit committed Sep 21, 2020
1 parent 95c0684 commit c11e2f1
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 1 deletion.
11 changes: 10 additions & 1 deletion src/nemo-devicelock/host/hostservice.cpp
Expand Up @@ -80,7 +80,7 @@ public slots:
};

HostService::HostService(const QVector<HostObject *> objects, QObject *parent)
: QDBusServer(QStringLiteral("unix:path=/run/nemo-devicelock/socket"), parent)
: QDBusServer(HostService::socketAddress(), parent)
, m_objects(objects)
{
setAnonymousAuthenticationAllowed(true);
Expand Down Expand Up @@ -175,6 +175,15 @@ void HostService::connectionReady(const QDBusConnection &newConnection)
}
}

QString HostService::socketAddress()
{
// Check if socket-based activation logic is enabled and at least one fd is provided
if (sd_listen_fds(0) > 0)
return QStringLiteral("systemd:");

return QStringLiteral("unix:path=/run/nemo-devicelock/socket");
}

}

#include "hostservice.moc"
1 change: 1 addition & 0 deletions src/nemo-devicelock/host/hostservice.h
Expand Up @@ -69,6 +69,7 @@ class HostService : public QDBusServer
friend class ConnectionMonitor;

void connectionReady(const QDBusConnection &connection);
static QString socketAddress();

const QVector<HostObject *> m_objects;
};
Expand Down
3 changes: 3 additions & 0 deletions systemd/nemo-devicelock.socket
Expand Up @@ -8,3 +8,6 @@ Conflicts=shutdown.target
[Socket]
ListenStream=/run/nemo-devicelock/socket
Accept=false
SocketUser=root
SocketGroup=privileged
SocketMode=0660

0 comments on commit c11e2f1

Please sign in to comment.