Revert "Add smackfsroot, smackfsdef in mount options of ecryptfs"

author Sungbae Yoo <sungbae.yoo@samsung.com>

Wed, 9 Aug 2017 07:13:09 +0000 (16:13 +0900)

committer Sungbae Yoo <sungbae.yoo@samsung.com>

Thu, 10 Aug 2017 06:41:32 +0000 (15:41 +0900)
author Sungbae Yoo <sungbae.yoo@samsung.com>
Wed, 9 Aug 2017 07:13:09 +0000 (16:13 +0900)
committer Sungbae Yoo <sungbae.yoo@samsung.com>
Thu, 10 Aug 2017 06:41:32 +0000 (15:41 +0900)
diff --git a/server/engine/encryption/ecryptfs-engine.cpp b/server/engine/encryption/ecryptfs-engine.cpp

index 682bbdd..e0c5371 100644 (file)
--- a/server/engine/encryption/ecryptfs-engine.cpp
+++ b/server/engine/encryption/ecryptfs-engine.cpp
@@ -303,7 +303,6 @@ void ecryptfsMount(const std::string &source, const std::string &destination, co
  
         mountOption = "ecryptfs_passthrough"
                 ",ecryptfs_cipher=" CIPHER_MODE
-               ",smackfsroot=*,smackfsdef=*"
                 ",ecryptfs_sig=" + std::string((char *)payload.token.password.signature) +
                 ",ecryptfs_key_bytes=" + std::to_string(payload.token.password.sessionKeyEncryptionKeySize);
  
diff --git a/server/systemd/ode.service.in b/server/systemd/ode.service.in

index 85e19c6..2080c19 100644 (file)
--- a/server/systemd/ode.service.in
+++ b/server/systemd/ode.service.in
@@ -4,10 +4,11 @@ Before=deviced.service
  
  [Service]
  Type=simple
-SmackProcessLabel=System::Privileged
+SmackProcessLabel=System
  ExecStart=@BIN_DIR@/@PROJECT_NAME@d
  Restart=on-failure
  ExecReload=/bin/kill -HUP $MAINPID
+CapabilityBoundingSet=~CAP_MAC_ADMIN
  CapabilityBoundingSet=~CAP_MAC_OVERRIDE
  EnvironmentFile=/run/tizen-system-env
  EnvironmentFile=/run/xdg-root-env
author	Sungbae Yoo <sungbae.yoo@samsung.com>
	Wed, 9 Aug 2017 07:13:09 +0000 (16:13 +0900)
committer	Sungbae Yoo <sungbae.yoo@samsung.com>
	Thu, 10 Aug 2017 06:41:32 +0000 (15:41 +0900)
server/engine/encryption/ecryptfs-engine.cpp		patch \| blob \| history
server/systemd/ode.service.in		patch \| blob \| history