From b0daa82fada4ad0e9e42a1c89ae2d4962f9c191d Mon Sep 17 00:00:00 2001
From: Lars Karlitski <lars@karlitski.net>
Date: Tue, 19 May 2020 19:40:42 +0200
Subject: [PATCH] distribution: set permissions on api sockets

This fixes permission for the weldr sockets: allow users in group
`weldr` to access them, but nobody else. Also add this group to the
sysusers file.

Fixes #646
---
 distribution/osbuild-composer.conf   | 1 +
 distribution/osbuild-composer.socket | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/distribution/osbuild-composer.conf b/distribution/osbuild-composer.conf
index 892eeb051..26912fde5 100644
--- a/distribution/osbuild-composer.conf
+++ b/distribution/osbuild-composer.conf
@@ -1 +1,2 @@
 u   _osbuild-composer   -   "OSBuild Composer user"
+g   weldr               -
diff --git a/distribution/osbuild-composer.socket b/distribution/osbuild-composer.socket
index 6a1e471e0..aa38749f8 100644
--- a/distribution/osbuild-composer.socket
+++ b/distribution/osbuild-composer.socket
@@ -4,6 +4,8 @@ Description=OSBuild Composer API sockets
 [Socket]
 ListenStream=/run/weldr/api.socket
 ListenStream=/run/osbuild-composer/job.socket
+SocketGroup=weldr
+SocketMode=660
 
 [Install]
 WantedBy=sockets.target