Make pkgdir-tool as non-root service

Use system user: app_fw
Following capabilities are required:
 - CAP_DAC_OVERRIDE, CAP_CHOWN, CAP_FOWNER

Change-Id: Id593a2e00f5c379f5b7e4facc86df6a118095c88
Signed-off-by: Sangyoon Jang <s89.jang@samsung.com>

diff --git a/packaging/app-installers.spec b/packaging/app-installers.spec
index f0a90e7..4fdad79 100644 (file)
--- a/packaging/app-installers.spec
+++ b/packaging/app-installers.spec
@@ -85,7 +85,7 @@ make %{?_smp_mflags}
 %{_datarootdir}/app-installers/plugins_list.txt
 %manifest app-installers.manifest
 %{_libdir}/libapp-installers.so*
-%attr(0750,root,root) %{_bindir}/pkgdir-tool
+%{_bindir}/pkgdir-tool
 %{_prefix}/share/dbus-1/system-services/org.tizen.pkgdir_tool.service
 %{_sysconfdir}/dbus-1/system.d/org.tizen.pkgdir_tool.conf
 %{_sysconfdir}/dbus-1/system.d/org.tizen.pkgdir_tool.conf

diff --git a/src/pkgdir_tool/org.tizen.pkgdir_tool.service b/src/pkgdir_tool/org.tizen.pkgdir_tool.service
index 4ab9665..c756789 100644 (file)
--- a/src/pkgdir_tool/org.tizen.pkgdir_tool.service
+++ b/src/pkgdir_tool/org.tizen.pkgdir_tool.service
@@ -1,5 +1,4 @@
 [D-BUS Service]
-User=root
 Name=org.tizen.pkgdir_tool
 Exec=/bin/false
 SystemdService=pkgdir-tool.service

diff --git a/src/pkgdir_tool/pkgdir-tool.service b/src/pkgdir_tool/pkgdir-tool.service
index 37eeef9..8ad1443 100644 (file)
--- a/src/pkgdir_tool/pkgdir-tool.service
+++ b/src/pkgdir_tool/pkgdir-tool.service
@@ -2,5 +2,6 @@
 Description=User Directory Creator
 
 [Service]
+User=app_fw
+Group=app_fw
 ExecStart=/usr/bin/pkgdir-tool
-CapabilityBoundingSet=~CAP_MAC_ADMIN