review.tizen.org Git - platform/upstream/systemd.git/commit

author	Łukasz Stelmach <l.stelmach@samsung.com>
	Tue, 28 Jun 2022 13:31:24 +0000 (15:31 +0200)
committer	Łukasz Stelmach <l.stelmach@samsung.com>
	Wed, 29 May 2024 22:07:11 +0000 (00:07 +0200)
commit	8fd090587bddcca6608a4053eb71a6e70eab45fb
tree	149ee3b1e918f8ce53ecc145b0251b9d32b7b126	tree \| snapshot
parent	5827daa0bc6f16cd91e8bb99c21ed1da0fbf932b	commit \| diff

tizen: Set AmbientCapabilities in user@.service

Replace[*] obsolete Capabilities option in user@.service with
AmbientCapabilities to provide appropriate set of capabilties for systemd
to manage user session.

According to capability set transformation rules described in
capabilities(7)

    if a process with nonzero user IDs performs an execve(2) then any
    capabilities that are present in its permitted and effective
    sets will be cleared.

This means that for systemd running with nonzero UID (i.e. as the user
session manager) to keep permitted and effective capability
sets non-empty without setting file capabilities for systemd it is
required to use ambient capabilities.

Using file capabilities for systemd may be a wrong choice in the long
term, because different sets of capabilities may be assigned to different
user sessions.

[*] During update to v255 previous commits changing the value of the
    Capabilities options were dropped.

Change-Id: I479fbbcf153737dbf88340ef4eb4be15d707a9a4
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>