buffet: Start buffet under buffet user.
BUG=chromium:390697
TEST=manual
Change-Id: Ib2e96d361f47da01720cc68522bc1e0209a5d18f
Reviewed-on: https://chromium-review.googlesource.com/230850
Tested-by: Anton Muhin <antonm@chromium.org>
Reviewed-by: Christopher Wiley <wiley@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Anton Muhin <antonm@chromium.org>
diff --git a/buffet/etc/dbus-1/org.chromium.Buffet.conf b/buffet/etc/dbus-1/org.chromium.Buffet.conf
index 0f6ea4d..aca550f 100644
--- a/buffet/etc/dbus-1/org.chromium.Buffet.conf
+++ b/buffet/etc/dbus-1/org.chromium.Buffet.conf
@@ -3,11 +3,15 @@
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
+ <allow send_destination="org.chromium.Buffet" />
+ </policy>
+
+ <policy user="buffet">
<allow own="org.chromium.Buffet" />
<allow send_destination="org.chromium.Buffet" />
</policy>
<policy context="default">
- <allow send_destination="org.chromium.Buffet" />
+ <deny send_destination="org.chromium.Buffet" />
</policy>
-</busconfig>
\ No newline at end of file
+</busconfig>
diff --git a/buffet/etc/init/buffet.conf b/buffet/etc/init/buffet.conf
index 6965b7c..9e628c5 100644
--- a/buffet/etc/init/buffet.conf
+++ b/buffet/etc/init/buffet.conf
@@ -13,4 +13,8 @@
mkdir -p /var/lib/buffet
end script
-exec buffet --v="${V:-1}"
+# Minijail actually forks off our desired process.
+expect fork
+
+exec minijail0 -i -g buffet -u buffet \
+ /usr/bin/buffet --v="${V:-1}"
