- "/usr/bin/cat" should has "cap_sys_ptrace" to read "/proc/[pid]/stack".
- Working with UID & GID as "graphic_fw" and SMACK label as "System."
Change-Id: I0142d8196ac9808351c3bf89ef06f6463f0c1012
then /usr/sbin/setcap cap_sys_admin=ei /usr/bin/session-bind
fi
+# Package product/upstream/coreutils
+# Date Sep 10, 2018
+# Required cap_sys_ptrace
+# cap_sys_ptrace To read /proc/[pid]/stack
+# This is requested Display module, to be used in display-manager-monitor service.
+
+if [ -e "/usr/bin/cat" ]
+then /usr/sbin/setcap cap_sys_ptrace=ei /usr/bin/cat
+fi
+
# TODO: MOVE TO OTHER SCRIPT OR REMOVE
# Requested by sooyeon.kim@samsung.com
if [ -e "/etc/skel/share/.voice" ]
/usr/bin/charon = cap_setgid,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
/usr/bin/dlog_logger = cap_syslog+ei
/usr/libexec/bluetooth/bluetoothd = cap_dac_override,cap_net_bind_service,cap_net_admin+ei
+/usr/bin/cat = cap_sys_ptrace+ei
device-policy-syspopup.service;security_fw;security_fw;System;
deviced.service;root;root;System::Privileged;
display-manager.service;root;root;System;
+display-manager-monitor.service;graphic_fw;graphic_fw;System;
dlog_logger.service;log;log;System;
download-provider.service;web_fw;web_fw;System;
emergency.service;root;root;System;
device-policy-syspopup.service;security_fw;security_fw;System;
deviced.service;root;root;System::Privileged;
display-manager.service;root;root;System;
+display-manager-monitor.service;graphic_fw;graphic_fw;System;
dlog_logger.service;log;log;System;
download-provider.service;web_fw;web_fw;System;
emergency.service;root;root;System;
projects / platform / core / security / security-config.git / commitdiff