Google Git
Sign in
weave/weave/libweave/1738fbe1eaf592270f7a0d3704addaa8e1dac133^!/.
commit
1738fbe1eaf592270f7a0d3704addaa8e1dac133
[log] [tgz]
author
Anton Muhin <antonm@google.com>
Thu Nov 20 01:10:08 2014 +0400
committer
chrome-internal-fetch <chrome-internal-fetch@google.com>
Thu Nov 20 01:45:58 2014 +0000
tree
4c68b2b26adc29770076026af5bc00686f0868ac
parent
42e3a720a8e87fb45d535989830066b343c4a940 [diff]
buffet: Start buffet under buffet user.

BUG=chromium:390697
TEST=manual

Change-Id: Ib2e96d361f47da01720cc68522bc1e0209a5d18f
Reviewed-on: https://chromium-review.googlesource.com/230850
Tested-by: Anton Muhin <antonm@chromium.org>
Reviewed-by: Christopher Wiley <wiley@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Anton Muhin <antonm@chromium.org>

diff --git a/buffet/etc/dbus-1/org.chromium.Buffet.conf b/buffet/etc/dbus-1/org.chromium.Buffet.conf
index 0f6ea4d..aca550f 100644
--- a/buffet/etc/dbus-1/org.chromium.Buffet.conf
+++ b/buffet/etc/dbus-1/org.chromium.Buffet.conf

@@ -3,11 +3,15 @@
  "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <busconfig>
   <policy user="root">
+    <allow send_destination="org.chromium.Buffet" />
+  </policy>
+
+  <policy user="buffet">
     <allow own="org.chromium.Buffet" />
     <allow send_destination="org.chromium.Buffet" />
   </policy>
 
   <policy context="default">
-    <allow send_destination="org.chromium.Buffet" />
+    <deny send_destination="org.chromium.Buffet" />
   </policy>
-</busconfig>
\ No newline at end of file
+</busconfig>

diff --git a/buffet/etc/init/buffet.conf b/buffet/etc/init/buffet.conf
index 6965b7c..9e628c5 100644
--- a/buffet/etc/init/buffet.conf
+++ b/buffet/etc/init/buffet.conf

@@ -13,4 +13,8 @@
   mkdir -p /var/lib/buffet
 end script
 
-exec buffet --v="${V:-1}"
+# Minijail actually forks off our desired process.
+expect fork
+
+exec minijail0 -i -g buffet -u buffet \
+	/usr/bin/buffet --v="${V:-1}"