osmith has submitted this change. ( https://gerrit.osmocom.org/c/osmo-trx/+/30131?usp=email )
Change subject: contrib/systemd: run as osmocom user ......................................................................
contrib/systemd: run as osmocom user
I have verified that with AmbientCapabilities=CAP_SYS_NICE, setting scheduling policy as described in the manual still works as expected.
Related: OS#4107 Change-Id: I3e0e5978992dac0a0c76c6f0e859576aa3eb72eb --- M contrib/systemd/osmo-trx-ipc.service M contrib/systemd/osmo-trx-lms.service M contrib/systemd/osmo-trx-uhd.service M contrib/systemd/osmo-trx-usrp1.service A debian/osmo-trx-ipc.postinst A debian/osmo-trx-lms.postinst A debian/osmo-trx-uhd.postinst A debian/osmo-trx-usrp1.postinst 8 files changed, 177 insertions(+), 0 deletions(-)
Approvals: Jenkins Builder: Verified fixeria: Looks good to me, but someone else must approve pespin: Looks good to me, approved
diff --git a/contrib/systemd/osmo-trx-ipc.service b/contrib/systemd/osmo-trx-ipc.service index c7f7c17..12372c0 100644 --- a/contrib/systemd/osmo-trx-ipc.service +++ b/contrib/systemd/osmo-trx-ipc.service @@ -8,8 +8,11 @@ Restart=always StateDirectory=osmocom WorkingDirectory=%S/osmocom +User=osmocom +Group=osmocom ExecStart=/usr/bin/osmo-trx-ipc -C /etc/osmocom/osmo-trx-ipc.cfg RestartSec=2 +AmbientCapabilities=CAP_SYS_NICE # CPU scheduling policy: CPUSchedulingPolicy=rr # For real-time scheduling policies an integer between 1 (lowest priority) and 99 (highest priority): diff --git a/contrib/systemd/osmo-trx-lms.service b/contrib/systemd/osmo-trx-lms.service index f51bd45..09c7475 100644 --- a/contrib/systemd/osmo-trx-lms.service +++ b/contrib/systemd/osmo-trx-lms.service @@ -8,8 +8,11 @@ Restart=always StateDirectory=osmocom WorkingDirectory=%S/osmocom +User=osmocom +Group=osmocom ExecStart=/usr/bin/osmo-trx-lms -C /etc/osmocom/osmo-trx-lms.cfg RestartSec=2 +AmbientCapabilities=CAP_SYS_NICE # CPU scheduling policy: CPUSchedulingPolicy=rr # For real-time scheduling policies an integer between 1 (lowest priority) and 99 (highest priority): diff --git a/contrib/systemd/osmo-trx-uhd.service b/contrib/systemd/osmo-trx-uhd.service index 6c5c2de..64eb510 100644 --- a/contrib/systemd/osmo-trx-uhd.service +++ b/contrib/systemd/osmo-trx-uhd.service @@ -9,8 +9,11 @@ StateDirectory=osmocom WorkingDirectory=%S/osmocom Environment=HOME=%h +User=osmocom +Group=osmocom ExecStart=/usr/bin/osmo-trx-uhd -C /etc/osmocom/osmo-trx-uhd.cfg RestartSec=2 +AmbientCapabilities=CAP_SYS_NICE # CPU scheduling policy: CPUSchedulingPolicy=rr # For real-time scheduling policies an integer between 1 (lowest priority) and 99 (highest priority): diff --git a/contrib/systemd/osmo-trx-usrp1.service b/contrib/systemd/osmo-trx-usrp1.service index 988c053..4e795a2 100644 --- a/contrib/systemd/osmo-trx-usrp1.service +++ b/contrib/systemd/osmo-trx-usrp1.service @@ -8,8 +8,11 @@ Restart=always StateDirectory=osmocom WorkingDirectory=%S/osmocom +User=osmocom +Group=osmocom ExecStart=/usr/bin/osmo-trx-usrp1 -C /etc/osmocom/osmo-trx-usrp1.cfg RestartSec=2 +AmbientCapabilities=CAP_SYS_NICE # CPU scheduling policy: CPUSchedulingPolicy=rr # For real-time scheduling policies an integer between 1 (lowest priority) and 99 (highest priority): diff --git a/debian/osmo-trx-ipc.postinst b/debian/osmo-trx-ipc.postinst new file mode 100755 index 0000000..ed0f889 --- /dev/null +++ b/debian/osmo-trx-ipc.postinst @@ -0,0 +1,38 @@ +#!/bin/sh -e +case "$1" in + configure) + # Create the osmocom group and user (if it doesn't exist yet) + if ! getent group osmocom >/dev/null; then + groupadd --system osmocom + fi + if ! getent passwd osmocom >/dev/null; then + useradd \ + --system \ + --gid osmocom \ + --home-dir /var/lib/osmocom \ + --shell /sbin/nologin \ + --comment "Open Source Mobile Communications" \ + osmocom + fi + + # Fix permissions of previous (root-owned) install (OS#4107) + if dpkg --compare-versions "$2" le "1.13.0"; then + if [ -e /etc/osmocom/osmo-trx-ipc.cfg ]; then + chown -v osmocom:osmocom /etc/osmocom/osmo-trx-ipc.cfg + chmod -v 0660 /etc/osmocom/osmo-trx-ipc.cfg + fi + + if [ -d /etc/osmocom ]; then + chown -v root:osmocom /etc/osmocom + chmod -v 2775 /etc/osmocom + fi + + mkdir -p /var/lib/osmocom + chown -R -v osmocom:osmocom /var/lib/osmocom + fi + ;; +esac + +# dh_installdeb(1) will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER# diff --git a/debian/osmo-trx-lms.postinst b/debian/osmo-trx-lms.postinst new file mode 100755 index 0000000..4040e98 --- /dev/null +++ b/debian/osmo-trx-lms.postinst @@ -0,0 +1,38 @@ +#!/bin/sh -e +case "$1" in + configure) + # Create the osmocom group and user (if it doesn't exist yet) + if ! getent group osmocom >/dev/null; then + groupadd --system osmocom + fi + if ! getent passwd osmocom >/dev/null; then + useradd \ + --system \ + --gid osmocom \ + --home-dir /var/lib/osmocom \ + --shell /sbin/nologin \ + --comment "Open Source Mobile Communications" \ + osmocom + fi + + # Fix permissions of previous (root-owned) install (OS#4107) + if dpkg --compare-versions "$2" le "1.13.0"; then + if [ -e /etc/osmocom/osmo-trx-lms.cfg ]; then + chown -v osmocom:osmocom /etc/osmocom/osmo-trx-lms.cfg + chmod -v 0660 /etc/osmocom/osmo-trx-lms.cfg + fi + + if [ -d /etc/osmocom ]; then + chown -v root:osmocom /etc/osmocom + chmod -v 2775 /etc/osmocom + fi + + mkdir -p /var/lib/osmocom + chown -R -v osmocom:osmocom /var/lib/osmocom + fi + ;; +esac + +# dh_installdeb(1) will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER# diff --git a/debian/osmo-trx-uhd.postinst b/debian/osmo-trx-uhd.postinst new file mode 100755 index 0000000..2d1f62d --- /dev/null +++ b/debian/osmo-trx-uhd.postinst @@ -0,0 +1,38 @@ +#!/bin/sh -e +case "$1" in + configure) + # Create the osmocom group and user (if it doesn't exist yet) + if ! getent group osmocom >/dev/null; then + groupadd --system osmocom + fi + if ! getent passwd osmocom >/dev/null; then + useradd \ + --system \ + --gid osmocom \ + --home-dir /var/lib/osmocom \ + --shell /sbin/nologin \ + --comment "Open Source Mobile Communications" \ + osmocom + fi + + # Fix permissions of previous (root-owned) install (OS#4107) + if dpkg --compare-versions "$2" le "1.13.0"; then + if [ -e /etc/osmocom/osmo-trx-uhd.cfg ]; then + chown -v osmocom:osmocom /etc/osmocom/osmo-trx-uhd.cfg + chmod -v 0660 /etc/osmocom/osmo-trx-uhd.cfg + fi + + if [ -d /etc/osmocom ]; then + chown -v root:osmocom /etc/osmocom + chmod -v 2775 /etc/osmocom + fi + + mkdir -p /var/lib/osmocom + chown -R -v osmocom:osmocom /var/lib/osmocom + fi + ;; +esac + +# dh_installdeb(1) will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER# diff --git a/debian/osmo-trx-usrp1.postinst b/debian/osmo-trx-usrp1.postinst new file mode 100755 index 0000000..93585e6 --- /dev/null +++ b/debian/osmo-trx-usrp1.postinst @@ -0,0 +1,38 @@ +#!/bin/sh -e +case "$1" in + configure) + # Create the osmocom group and user (if it doesn't exist yet) + if ! getent group osmocom >/dev/null; then + groupadd --system osmocom + fi + if ! getent passwd osmocom >/dev/null; then + useradd \ + --system \ + --gid osmocom \ + --home-dir /var/lib/osmocom \ + --shell /sbin/nologin \ + --comment "Open Source Mobile Communications" \ + osmocom + fi + + # Fix permissions of previous (root-owned) install (OS#4107) + if dpkg --compare-versions "$2" le "1.13.0"; then + if [ -e /etc/osmocom/osmo-trx-usrp1.cfg ]; then + chown -v osmocom:osmocom /etc/osmocom/osmo-trx-usrp1.cfg + chmod -v 0660 /etc/osmocom/osmo-trx-usrp1.cfg + fi + + if [ -d /etc/osmocom ]; then + chown -v root:osmocom /etc/osmocom + chmod -v 2775 /etc/osmocom + fi + + mkdir -p /var/lib/osmocom + chown -R -v osmocom:osmocom /var/lib/osmocom + fi + ;; +esac + +# dh_installdeb(1) will replace this with shell code automatically +# generated by other debhelper scripts. +#DEBHELPER#
-
osmith