Run Security Containers Server as non root user
[Bug/Feature] Drop root privileges of the server during startup.
[Solution] * User "security-containers" has been added to the
"libvirt" group.
* CAP_SYS_ADMIN and CAP_MAC_OVERRIDE capabilities have
been provided using libcap-ng.
[Verification] 1. Make sure that "security-containers" user (with UID
== 377) exists in the conainers. If no, execute:
chroot /path/to/container /bin/bash \
-c "useradd -r security-containers -u 377"
2. Run tests.
3. Start SCS service as root (directly or via systemd
service). Verify /proc/<PID>/status of the process:
* Uid == 377
* CapPrm == CapEff ==
0000000000200000
* Groups: <libvirt group ID>, <input group>
4. Run the service with "--root" option. Remember to
change policy in dbus configuration file
"etc/dbus-1/system.d/com.samsung.containers.conf"
from "security-containers" to "root".
5. Trigger update (via sending SIGUSR1) and check if
UID, groups and capabilities set did not change.
NOTE: Latest libvirt (from "tizen" branch on
tizen.org) is required.
Change-Id: Idfda05fb081ca48193b19a99a6628cf14ec4bf57
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>