review.tizen.org Git - platform/framework/web/web-provider.git/commit

author	Yunchan Cho <yunchan.cho@samsung.com>
	Fri, 30 Aug 2013 01:24:34 +0000 (10:24 +0900)
committer	Soo-Hyun Choi <sh9.choi@samsung.com>
	Thu, 12 Sep 2013 04:02:12 +0000 (13:02 +0900)
commit	6ee2dff1e48a649b0666e3467e05d3ae9edf52ab
tree	7bf4e756a69a429461ae22e77858d23fbcbb21a7	tree \| snapshot
parent	86ce30621dfdd7fc5ea0263b69a67e6bf9cb8635	commit \| diff

Set inheritable bit of 'CAP_MAC_ADMIN' capability upon launching web-provider

[Issue#]   N/A
[Problem]  WebProcess forked by web-provider cannot have CAP_MAC_ADMIN capability
[Cause]    web-provider (parent process of WebProcess) did not have the inheritable bit set to '1'.
           In order for WebProcess executable can have CAP_MAC_ADMIN feature,
           the parent process associated with it (e.g., web-provider) also need this bit set to '1'.
[Solution] Set the inheritable bit of web-provider as soon as it is launched.

       As the inheritable bit can't be set by setcap command in shell
       (though, we can still set permitted/effective bits in a shell)
       we set the following to /usr/app/livebox.web-provider/bin/web-provider.
       in order to permit web-provider to change its inheritable capability.

       # setcap cap_mac_admin,cap_setpcap=ep /usr/apps/livebox.web-provider/bin/web-provider

Change-Id: I6171a1079c23a39326944890adf0d66e01e8ed1a

packaging/livebox.web-provider.spec		diff \| blob \| history
src/Daemon/CMakeLists.txt		diff \| blob \| history
src/Daemon/main.cpp		diff \| blob \| history