projects / platform / core / security / nether.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 804beeb)
change nether service to non-root service and drop capability. 60/77460/1 accepted/tizen/ivi/20160706.132707 accepted/tizen/mobile/20160706.131438 accepted/tizen/tv/20160706.131517 accepted/tizen/wearable/20160706.131606 submit/tizen/20160706.073439
authorkeeho.yang <keeho.yang@samsung.com>
Thu, 30 Jun 2016 01:48:36 +0000 (10:48 +0900)
committerkeeho.yang <keeho.yang@samsung.com>
Thu, 30 Jun 2016 01:48:41 +0000 (10:48 +0900)
Change-Id: I95aea0e4d64f1155f66d826fe8a9125fcae88c88

conf/systemd/nether.service.in [changed mode: 0644->0755] patch | blob | history
packaging/nether.spec [changed mode: 0644->0755] patch | blob | history

diff --git a/conf/systemd/nether.service.in b/conf/systemd/nether.service.in
old mode 100644 (file)
new mode 100755 (executable)
index 41923cd..9a978e8
--- a/conf/systemd/nether.service.in
+++ b/conf/systemd/nether.service.in
@@ -24,6 +24,8 @@ Type=simple
 ExecStart=${CMAKE_INSTALL_PREFIX}/bin/nether -l JOURNAL -P policy=${SYSCONF_INSTALL_DIR}/nether/cynara.policy -B ${SYSCONF_INSTALL_DIR}/nether/file.policy -r ${SYSCONF_INSTALL_DIR}/nether/nether.rules
 Restart=on-failure
 ExecReload=/bin/kill -HUP $MAINPID
+User=[security_fw]
+Group=[security_fw]
 
 [Install]
 WantedBy=multi-user.target
diff --git a/packaging/nether.spec b/packaging/nether.spec
old mode 100644 (file)
new mode 100755 (executable)
index 38e1322..5775d71
--- a/packaging/nether.spec
+++ b/packaging/nether.spec
@@ -15,7 +15,8 @@ This is a network privilege enforcing service.
 
 %files
 %defattr(644,root,root,755)
-%caps(cap_sys_admin,cap_mac_override=ei) %attr(755,root,root) %{_bindir}/nether
+#%caps(cap_sys_admin,cap_mac_override=ei) 
+%attr(755,root,root) %{_bindir}/nether
 %dir %{_sysconfdir}/nether
 %config %{_sysconfdir}/nether/file.policy
 %config %{_sysconfdir}/nether/nether.rules
Domain: Security / Access Control;