# Required cap_kill, cap_dac_override
# cap_kill to kill app process
# cap_dac_override to access wayland and app socket, to check private sharing path
+# cap_sys_admin to use mount namespace
if [ -e "/usr/bin/amd" ] && [ "$(/usr/bin/rpm -qa | /usr/bin/grep amd-mod-launchpad)" == "" ]
-then /usr/sbin/setcap cap_kill,cap_dac_override=ep /usr/bin/amd
+then /usr/sbin/setcap cap_kill,cap_dac_override,cap_sys_admin=ei /usr/bin/amd
fi
# This is needed for headless profile.
if [ -e "/usr/bin/amd" ] && [ "$(/usr/bin/rpm -qa | /usr/bin/grep amd-mod-launchpad)" != "" ]
-then /usr/sbin/setcap cap_setuid,cap_setgid,cap_mac_admin,cap_kill,cap_dac_override=eip /usr/bin/amd
+then /usr/sbin/setcap cap_setuid,cap_setgid,cap_mac_admin,cap_kill,cap_dac_override,cap_sys_admin=ei /usr/bin/amd
fi
# Package platform/framework/web/crosswalk-tizen
/usr/bin/csr-server = cap_dac_override,cap_fowner+eip
/usr/bin/pkgmgr-server = cap_chown,cap_dac_override,cap_fsetid,cap_kill,cap_setgid,cap_setuid+eip
/usr/bin/muse-server = cap_dac_override+eip
-/usr/bin/amd = cap_dac_override,cap_kill+ep
+/usr/bin/amd = cap_dac_override,cap_kill,cap_setgid,cap_setuid,cap_sys_admin,cap_mac_admin+ei
+/usr/bin/amd = cap_dac_override,cap_kill,cap_sys_admin+ei
/usr/bin/wrt-loader = cap_setgid,cap_sys_admin+ei
/usr/bin/tpk-backend = cap_chown,cap_dac_override,cap_fowner+eip
/usr/bin/launchpad-loader = cap_setgid,cap_sys_admin+ei
projects / platform / core / security / security-config.git / commitdiff