Add cap_sys_resource to /usr/bin/pass

- Add cap_sys_resource to /usr/bin/pass
- SECSFV-267

Change-Id: I211b2d2889bb222a65d8c063f107bf91e025b006
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>

diff --git a/config/set_capability b/config/set_capability
index 8189fb8f92d95cc61a8ea7ce1bde6b4cc74ef03b..b28b271aceef2733888efae2d0b6e4764ef7ea0a 100755 (executable)
--- a/config/set_capability
+++ b/config/set_capability
@@ -959,12 +959,13 @@ fi
 
 # Package              platform/core/system/pass
 # Date                 Feb 23, 2022
-# Required             /usr/bin/pass : cap_net_admin,cap_sys_ptrace : ei
+# Required             /usr/bin/pass : cap_net_admin,cap_sys_ptrace,cap_sys_resource : ei
 # cap_net_admin                To use Netlink interface
 # cap_sys_ptrace       To access procfs
+# cap_sys_resource     To use memory PSI (/proc/pressure/memory)
 
 if [ -e "/usr/bin/pass" ]
-then /usr/sbin/setcap cap_net_admin,cap_sys_ptrace=ei /usr/bin/pass
+then /usr/sbin/setcap cap_net_admin,cap_sys_ptrace,cap_sys_resource=ei /usr/bin/pass
 fi
 
 # These are not related with the capability, but place here to run in generic-security.post