log_dump: assign CAP_SYS_PTRACE capability

When log_dump has system_fw permission,
memps which is forked from /usr/bin/dump_systemstate can't read
/proc/self/maps and /proc/self/smaps.
It requires CAP_SYS_PTRACE capability.
So, it should have CAP_SYS_PTRACE capability and inheritance attribute.

Change-Id: If2bd16964dba8e616e4a4fcc5cd489feb4c40b21
Signed-off-by: ByungSoo Kim <bs1770.kim@samsung.com>

diff --git a/src/log_dump/log_dump.service.m4 b/src/log_dump/log_dump.service.m4
index 3e31e3d..a78d097 100644 (file)
--- a/src/log_dump/log_dump.service.m4
+++ b/src/log_dump/log_dump.service.m4
@@ -12,5 +12,8 @@ User=root
 Group=root,
 User=system_fw
 Group=system_fw
+SecureBits=keep-caps
+Capabilities=cap_sys_ptrace=eip
+CapabilityBoundingSet=CAP_SYS_PTRACE
 )
 SupplementaryGroups=log systemd-journal