From b07f4d3cb066966a81289bd36c0273c532fa2f8a Mon Sep 17 00:00:00 2001
From: madelen-at-work
Date: Wed, 27 Mar 2024 08:40:48 +0100
Subject: [PATCH] Set group permissions on runtime directory
---
 app/dockerdwrapperwithcompose.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/app/dockerdwrapperwithcompose.c b/app/dockerdwrapperwithcompose.c
index 9a14064..ef697e8 100644
--- a/app/dockerdwrapperwithcompose.c
+++ b/app/dockerdwrapperwithcompose.c
@@ -436,9 +436,7 @@ start_dockerd(void)
 }
 if (use_ipc_socket) {
- // Get uid and gid
 uid_t uid = getuid();
- // uid_t gid = getgid();
 // The socket should reside in the user directory
 // TODO: Ideally we would want to set the group ownership here as well, with
@@ -674,6 +672,9 @@ main(void)
 openlog(NULL, LOG_PID, LOG_USER);
 syslog(LOG_INFO, "Started logging.");
+ // Setup signal handling.
+ init_signals();
+
 // Get UID of the current user
 uid_t uid = getuid();
@@ -714,8 +715,15 @@ main(void)
 syslog(LOG_INFO, "DOCKER_HOST: %s", docker_host);
 syslog(LOG_INFO, "XDG_RUNTIME_DIR: %s", xdg_runtime_dir);
- // Setup signal handling.
- init_signals();
+ // Set permission on XDG_RUNTIME_DIR to give group (addon) members read and
+ // execute rights. This is needed for other ACAP applications to be able to
+ // use the IPC socket.
+ if (chmod(xdg_runtime_dir, 0750) != 0) {
+ syslog(LOG_ERR,
+ "Failed to set permissions on runtime directory %s",
+ xdg_runtime_dir);
+ goto end;
+ }
 // Setup ax_parameter
 ax_parameter = setup_axparameter();
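Review bot: The added `chmod(xdg_runtime_dir, 0750)` in main() gives group members read and search access to everything in the runtime directory, not only the IPC socket, and nothing in the hunk checks which group owns the directory or that the path is a directory owned by this user. The XDG convention for this directory is mode 0700, so the comment should record the deliberate relaxation, for example `// NOTE: deviates from the usual 0700; every other file created here must carry its own restrictive mode.` If the other applications only need to connect to a socket whose path they already know, search-only access (`0710`) would presumably be enough and would keep the directory listing private. The error message also drops the cause; `"Failed to set permissions on runtime directory %s: %m"` would log errno. main() starts and continues outside the hunk, so how xdg_runtime_dir is derived and who owns it cannot be confirmed from here.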