Totally remove dependensy on root permission

author Vyacheslav Cherkashin <v.cherkashin@samsung.com>

Wed, 23 Aug 2017 15:42:47 +0000 (18:42 +0300)

committer Vyacheslav Cherkashin <v.cherkashin@samsung.com>

Wed, 23 Aug 2017 15:42:47 +0000 (18:42 +0300)
author Vyacheslav Cherkashin <v.cherkashin@samsung.com>
Wed, 23 Aug 2017 15:42:47 +0000 (18:42 +0300)
committer Vyacheslav Cherkashin <v.cherkashin@samsung.com>
Wed, 23 Aug 2017 15:42:47 +0000 (18:42 +0300)
diff --git a/scripts/swap_module.sh b/scripts/swap_module.sh

index b4e36a8..fab636d 100755 (executable)
--- a/scripts/swap_module.sh
+++ b/scripts/swap_module.sh
@@ -76,10 +76,6 @@ unload_modules() {
  
  enable_modules() {
         /bin/echo 1 > /sys/kernel/debug/swap/enable
-       /bin/chown -R system:system /sys/kernel/debug/swap
-
-       /usr/bin/chsmack -r -a System::Privileged /sys/kernel/debug/swap
-       /usr/bin/chsmack -a System::Privileged /dev/swap_device
  }
  
  disable_modules() {
diff --git a/systemd/99-swap_dev.rules b/systemd/99-swap_dev.rules

index aaff1be..532cd2a 100644 (file)
--- a/systemd/99-swap_dev.rules
+++ b/systemd/99-swap_dev.rules
@@ -1,2 +1 @@
-KERNEL=="swap_device", OWNER="system", GROUP="system"
-
+KERNEL=="swap_device", OWNER="system_fw", GROUP="system_fw"
diff --git a/systemd/swap.conf b/systemd/swap.conf

index 3ad7d1c..16c21f3 100644 (file)
--- a/systemd/swap.conf
+++ b/systemd/swap.conf
@@ -1,9 +1,9 @@
  # setup /tmp/da
-d /tmp/da 0777 system system -
+d /tmp/da 0777 system_fw system_fw -
  t /tmp/da - - - - security.SMACK64=_
  
  # setup /tmp/port.da
-f /tmp/port.da 0644 system system -
+f /tmp/port.da 0644 system_fw system_fw -
  t /tmp/port.da - - - - security.SMACK64=System::Shared
  
  # setup /tmp/swap_manager.pid
@@ -11,5 +11,5 @@ f /tmp/swap_manager.pid 0644 root root -
  t /tmp/swap_manager.pid - - - - security.SMACK64=System::Shared
  
  # setup /tmp/swap/
-d /tmp/swap 0777 system system -
+d /tmp/swap 0777 system_fw system_fw -
  t /tmp/swap - - - - security.SMACK64=System::Privileged
diff --git a/systemd/swap_manager.service b/systemd/swap_manager.service

index 80b0ed0..bd03ada 100644 (file)
--- a/systemd/swap_manager.service
+++ b/systemd/swap_manager.service
@@ -6,8 +6,8 @@ Description=swap_manager service
  Type=notify
  NotifyAccess=main
  
-User=system
-Group=system_share
+User=system_fw
+Group=system_fw
  
  SmackProcessLabel=System
  Sockets=swap_manager.socket
diff --git a/systemd/swap_module.service b/systemd/swap_module.service

index 603626b..7592b1d 100644 (file)
--- a/systemd/swap_module.service
+++ b/systemd/swap_module.service
@@ -3,8 +3,9 @@ Description=The SWAP modules service
  
  [Service]
  Type=oneshot
-User=root
-Group=root
+User=system_fw
+Group=system_fw
+SmackProcessLabel=System::Privileged
  
  # $(/bin/cat /tmp/swap/module) - get command
  ExecStart=/bin/sh -c '/usr/bin/swap_module.sh $(/bin/cat /tmp/swap/module)'
author	Vyacheslav Cherkashin <v.cherkashin@samsung.com>
	Wed, 23 Aug 2017 15:42:47 +0000 (18:42 +0300)
committer	Vyacheslav Cherkashin <v.cherkashin@samsung.com>
	Wed, 23 Aug 2017 15:42:47 +0000 (18:42 +0300)
scripts/swap_module.sh		patch \| blob \| history
systemd/99-swap_dev.rules		patch \| blob \| history
systemd/swap.conf		patch \| blob \| history
systemd/swap_manager.service		patch \| blob \| history
systemd/swap_module.service		patch \| blob \| history