The application framework


The daemon afmpkg-daemon installs and removes applications. It is automatically called when dnf installs or removes applications.

The daemon afm-system-daemon handles life of installed application:

  • running
  • terminating
  • inventory

In addition, they ensure that operations use the security framework as needed and that applications are executed in the correct context.

The daemon afm-system-daemon is accessible through redpesk micro-service architecture using either the binder afb-binder, the client library libafbcli or the programs afb-client and afm-util.

Starting afm-system-daemon

afm-system-daemon is started by systemd services.

Internally, the daemon is built as a binding served by afb-binder.

Tasks of afm-system-daemon

Maintaining list of applications

At start afm-system-daemon scans the directories containing applications and load in memory a list of available applications accessible by current user.

afm-system-daemon provides the data it collects about applications to its clients. Clients may either request the full list of available applications or a more specific information about a given application.

Launching application

afm-system-daemon launches application by using systemd. Systemd builds a secure environment for the application before starting it.

Once launched, running instances of application receive a runid that identify them. On previous versions, the runid had a special meaning. The current version uses the linux PID of the launched process as runid.

Managing instances of running applications

afm-system-daemon manages the list of applications that it launched.

When owning the right permissions, a client can get the list of running instances and details about a specific running instance. It can also terminate a given application.

Starting afmpkg-daemon

afmpkg-daemon is started by systemd services on need.

Tasks of afmpkg-daemon

The daemon afmpkg-daemon is activated by the dnf’s plugin named redpesk when it detects that the installed or removed package is an afmpkg.

When afmpkg-daemon installs or removes an application, it sends a signal to afm-system-daemon that updates its applications database.

Installing applications

afmpkg-daemon reads the manifest of the installed package check it and, according to its content, set up the system security with the help of the security manager.

Uninstalling applications

afmpkg-daemon contacts the serity manager to cleanup the security rules for the removed application and to remove their security setup.