1
# unity8-setcap - ugly hacks to arrange for /usr/bin/unity8 to have CAP_SYS_RESOURCE
3
# XXX replace me with some root-helper to gain CAP_SYS_RESOURCE XXX
5
author "Loïc Minier <loic.minier@ubuntu.com>"
6
description "Ugly hacks to arrange for /usr/bin/unity8 to have CAP_SYS_RESOURCE"
8
# start when first boot-hooks event is emitted and before lightdm (lightdm
9
# starts ubuntu-touch-session which starts unity8); note that /run is
10
# guaranteeds to be be there because lightdm starts on filesystem
11
start on boot-hooks and starting lightdm
13
# NOT a task as otherwise this would block restarting lightdm
15
env RUNDIR=/run/unity8-setcap
17
# work needs to be done in pre-start as this really is a job with nothing to
20
if [ ! -e "$RUNDIR" ]; then
22
# /run is noexec, hence mounting another tmpfs exec
23
# NB: unity8 is 35K; 512K should be enough for everyone
24
mount -o rw,nosuid,nodev,exec,relatime,mode=755,size=512k -t tmpfs tmpfs "$RUNDIR"
25
cp -a /usr/bin/unity8 "$RUNDIR"
26
setcap CAP_SYS_RESOURCE=+ep "$RUNDIR/unity8"
27
# bind-mount this back as unity8 checks dirname(argv[0]'s) == /usr to
28
# decide whether it's installed or not
29
mount --bind "$RUNDIR/unity8" /usr/bin/unity8