PATH=/bin:/usr/bin:/sbin:/usr/sbin
function add_missing_caps {
- # launchpad needs additional caps, re-setting them here with additional cap_setuid
+ # Launchpad needs additional caps. Re-setting them here with additional cap_setuid for the
+ # purpose of security-config development (rpm postinstall).
if [ -e "/usr/bin/launchpad-process-pool" ]
then
- existing_caps=`/usr/sbin/getcap /usr/bin/launchpad-process-pool | cut -f2- -d" "`
- /usr/sbin/setcap "${existing_caps} cap_setuid=eip" /usr/bin/launchpad-process-pool
+ existing_caps=`/usr/sbin/getcap /usr/bin/launchpad-process-pool | cut -f2 -d" " | cut -f1 -d"="`
+ /usr/sbin/setcap "${existing_caps},cap_setuid=eip" /usr/bin/launchpad-process-pool
fi
}
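Review bot: The new `existing_caps` pipeline in add_missing_caps produces an empty string when getcap prints nothing, and also, depending on the libcap version, when getcap prints the older `path = caps+flags` layout. In both cases setcap is called with `,cap_setuid=eip` and fails without the script noticing. The `cut -f1 -d"="` step also discards the flags getcap reported and keeps only the first clause, so every existing capability is re-applied as `eip`; if that widening is intended, the comment should say so. I would add `[ -n "$existing_caps" ] || return 1` before the setcap line and append `|| return 1` to the setcap call itself.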
echo 'add_services_to_system_access_group "${services[@]}"'
echo 'add_missing_caps'
echo 'give_rx_to_others'
+
+
+function update_set_capability_script {
+ # Launchpad needs additional caps. updating the set_capability script that is executed by *.ks
+ # file during image creation (after rpms are installed) and is tested with
+ # test/capability_test/check_new_capabilites.sh afterwards
+ SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+ sed -ri 's/(\/usr\/sbin\/setcap\s+)(.+ \/usr\/bin\/launchpad-process-pool)/\1 cap_setuid,\2/' "$SCRIPT_DIR/set_capability"
+ sed -ri 's/(# Required\s+\/usr\/bin\/launchpad-process-pool\s+:)(.+)$/\1 cap_setuid,\2/' "$SCRIPT_DIR/set_capability"
+}
+
+update_set_capability_script
\ No newline at end of file
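Review bot: Both `sed -ri` calls in update_set_capability_script exit successfully when their pattern matches nothing, and they prepend `cap_setuid,` again on every run. A reworded line in set_capability would therefore be left unchanged without any error, and a repeated run duplicates the entry. Because the function is called unconditionally at the end of the file, I would skip the edit when the entry is already present and verify it afterwards, e.g. `grep -q 'cap_setuid.*/usr/bin/launchpad-process-pool' "$SCRIPT_DIR/set_capability" || return 1`. `SCRIPT_DIR` should also be declared `local` and checked for being non-empty, since a failed `cd` leaves it empty and sed would then target `/set_capability`.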
# Package platform/core/appfw/launchpad
# Owner Junghoon Park(jh9216.park@samsung.com)
# Date July 4, 2017
-# Required /usr/bin/launchpad-process-pool : cap_mac_admin, cap_dac_override, cap_setgid, cap_sys_admin, cap_sys_nice, cap_sys_chroot : ei
+# Required /usr/bin/launchpad-process-pool : cap_mac_admin, cap_dac_override, cap_setgid, cap_sys_admin, cap_sys_nice, cap_sys_chroot : eip
# Required /usr/bin/launchpad-loader : cap_sys_admin,cap_sys_nice,cap_setgid : ei
# cap_mac_admin to use security_manager_prepare_app()
# cap_dac_override fd redirection in debug mode of app running
# cap_sys_chroot to use setns()
if [ -e "/usr/bin/launchpad-process-pool" ]
-then /usr/sbin/setcap cap_sys_admin,cap_sys_nice,cap_mac_admin,cap_dac_override,cap_setgid,cap_sys_chroot=ei /usr/bin/launchpad-process-pool
+then /usr/sbin/setcap cap_sys_admin,cap_sys_nice,cap_mac_admin,cap_dac_override,cap_setgid,cap_sys_chroot=eip /usr/bin/launchpad-process-pool
fi
# TODO : condition check about launchpad-starter is temporary
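Review bot: Switching the flags from `=ei` to `=eip` puts the whole set, including cap_sys_admin and cap_dac_override, into the file's permitted set, so the capabilities no longer depend on the inheritable set of the process that execs launchpad-process-pool. The header comment should record why the permitted bit is now required, next to the existing per-capability lines, e.g. `# p (permitted) is needed because <reason>`. It is also worth confirming that the binary's owner and mode restrict who can execute it, since any caller able to exec it now receives these capabilities; the file mode is not visible in this hunk.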