projects / platform / core / system / crash-worker.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 78a42cd)
Configure the crash-service so that it doesn't require root privileges 64/215764/13
authorMateusz Moscicki <m.moscicki2@partner.samsung.com>
Mon, 14 Oct 2019 12:00:40 +0000 (14:00 +0200)
committerMateusz Moscicki <m.moscicki2@partner.samsung.com>
Thu, 21 Nov 2019 11:14:48 +0000 (12:14 +0100)
Change-Id: I6bddc446a31449b7419074f10f795b8ee6c61714

TODO [new file with mode: 0644] patch | blob
src/crash-service/crash-service.conf patch | blob | history
src/crash-service/crash-service.service.m4 patch | blob | history
src/dump_systemstate/dump_systemstate.c patch | blob | history

diff --git a/TODO b/TODO
new file mode 100644 (file)
index 0000000..61aa716
--- /dev/null
+++ b/TODO
@@ -0,0 +1 @@
+* In the future "/usr/bin/pkgcmd --global" as system_fw user will stop working, so it needs to be changed to get installed applications for the global user and for the actual user.
diff --git a/src/crash-service/crash-service.conf b/src/crash-service/crash-service.conf
index f1f1e74..43534d9 100644 (file)
--- a/src/crash-service/crash-service.conf
+++ b/src/crash-service/crash-service.conf
@@ -12,6 +12,12 @@
                       send_interface="org.tizen.system.crash.livedump"
                       send_member="livedump_pid"/>
        </policy>
+       <policy user="crash_worker">
+               <allow own="org.tizen.system.crash.livedump"/>
+               <allow send_destination="org.tizen.system.crash.livedump"
+                      send_interface="org.tizen.system.crash.livedump"
+                      send_member="livedump_pid"/>
+       </policy>
        <policy context="default">
                <deny own="org.tizen.system.crash.livedump"/>
                <deny send_destination="org.tizen.system.crash.livedump"/>
diff --git a/src/crash-service/crash-service.service.m4 b/src/crash-service/crash-service.service.m4
index f080f40..b4221fd 100644 (file)
--- a/src/crash-service/crash-service.service.m4
+++ b/src/crash-service/crash-service.service.m4
@@ -3,8 +3,13 @@ Description=crash service
 
 [Service]
 Type=dbus
+User=crash_worker
+Group=crash_worker
+Capabilities=cap_dac_override,cap_dac_read_search,cap_sys_ptrace,cap_kill,cap_syslog=i
+SecureBits=keep-caps
 BusName=org.tizen.system.crash.livedump
 ExecStart=/usr/bin/crash-service
+SupplementaryGroups=log systemd-journal system_share
 SmackProcessLabel=System
 Nice=-5
 KillMode=mixed
diff --git a/src/dump_systemstate/dump_systemstate.c b/src/dump_systemstate/dump_systemstate.c
index 30a8f35..f971350 100644 (file)
--- a/src/dump_systemstate/dump_systemstate.c
+++ b/src/dump_systemstate/dump_systemstate.c
@@ -215,7 +215,7 @@ int main(int argc, char *argv[])
 
        if (arg_pkgs) {
                fprintf_fd(out_fd, "\n==== Installed packages (/usr/bin/pkgcmd -l)\n");
-               char *pkgcmd_args[] = {"/usr/bin/pkgcmd", "-l", NULL};
+               char *pkgcmd_args[] = {"/usr/bin/pkgcmd", "-l", "--global", NULL};  // see TODO file
                spawn_wait_checked(pkgcmd_args, NULL);
        }
 
Domain: System / System Framework;