projects / platform / upstream / connman.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0ea98e0)
Remove capability and Change from dbus to systemd for vpn service 79/73679/1
authorhyunuktak <hyunuk.tak@samsung.com>
Thu, 9 Jun 2016 06:43:58 +0000 (15:43 +0900)
committerhyunuktak <hyunuk.tak@samsung.com>
Thu, 9 Jun 2016 06:44:00 +0000 (15:44 +0900)
Change-Id: I7ef5583cfc148b4835abec4bf57ad76369ed9b8e
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
Makefile.am patch | blob | history
packaging/connman.spec patch | blob | history
resources/usr/share/dbus-1/system-services/net.connman.service patch | blob | history
src/connman.service.in patch | blob | history
src/connman_tv.service.in patch | blob | history
src/net.connman.service.in patch | blob | history
vpn/connman-vpn.service.in patch | blob | history
vpn/net.connman.vpn.service.in patch | blob | history

diff --git a/Makefile.am b/Makefile.am
index 95761e2..5be7625 100755 (executable)
--- a/Makefile.am
+++ b/Makefile.am
@@ -63,16 +63,15 @@ endif
 
 if SYSTEMD
 systemdunitdir = @SYSTEMD_UNITDIR@
-
-systemdunit_DATA = src/connman.service
+systemdunit_DATA = src/connman.service vpn/connman-vpn.service
 
 endif
 endif
 
 service_files_sources = src/connman.service.in src/net.connman.service.in \
-                               vpn/net.connman.vpn.service.in
+                               vpn/net.connman.vpn.service.in vpn/connman-vpn.service.in
 service_files = src/connman.service src/net.connman.service \
-                               vpn/net.connman.vpn.service
+                               vpn/net.connman.vpn.service vpn/connman-vpn.service
 
 plugin_LTLIBRARIES =
 
diff --git a/packaging/connman.spec b/packaging/connman.spec
index 2ad02f6..6b59745 100755 (executable)
--- a/packaging/connman.spec
+++ b/packaging/connman.spec
@@ -4,7 +4,7 @@
 
 Name:           connman
 Version:        1.29
-Release:        9
+Release:        10
 License:        GPL-2.0+
 Summary:        Connection Manager
 Url:            http://connman.net
@@ -193,9 +193,11 @@ systemctl daemon-reload
 %{_sysconfdir}/dbus-1/system.d/*.conf
 %attr(644,root,root) %{_libdir}/systemd/system/connman.service
 %attr(644,root,root) %{_libdir}/systemd/system/multi-user.target.wants/connman.service
+%attr(644,root,root) %{_libdir}/systemd/system/connman-vpn.service
 %if "%{?_lib}" == "lib64"
 %attr(644,root,root) %{_unitdir}/connman.service
 %attr(644,root,root) %{_unitdir}/multi-user.target.wants/connman.service
+%attr(644,root,root) %{_unitdir}/connman-vpn.service
 %endif
 %{_datadir}/license/connman
 
diff --git a/resources/usr/share/dbus-1/system-services/net.connman.service b/resources/usr/share/dbus-1/system-services/net.connman.service
index d7730d8..9679c1b 100644 (file)
--- a/resources/usr/share/dbus-1/system-services/net.connman.service
+++ b/resources/usr/share/dbus-1/system-services/net.connman.service
@@ -1,5 +1,5 @@
 [D-BUS Service]
 Name=net.connman
-Exec=@sbindir@/connmand -n
+Exec=/bin/false
 User=root
-SystemdService=connman.service
\ No newline at end of file
+SystemdService=connman.service
diff --git a/src/connman.service.in b/src/connman.service.in
index adf7a62..503ec45 100755 (executable)
--- a/src/connman.service.in
+++ b/src/connman.service.in
@@ -9,6 +9,8 @@ BusName=net.connman
 Restart=on-failure
 ExecStart=@sbindir@/connmand -n --noplugin vpn
 StandardOutput=null
+CapabilityBoundingSet=~CAP_MAC_ADMIN
+CapabilityBoundingSet=~CAP_MAC_OVERRIDE
 
 [Install]
 WantedBy=multi-user.target
diff --git a/src/connman_tv.service.in b/src/connman_tv.service.in
index 2922aa8..c032846 100644 (file)
--- a/src/connman_tv.service.in
+++ b/src/connman_tv.service.in
@@ -7,6 +7,8 @@ BusName=net.connman
 RemainAfterExit=yes
 ExecStartPre=/usr/bin/dbus-send --system --dest=net.netconfig / net.netconfig.auto.activate
 ExecStart=/usr/sbin/connmand --noplugin vpn
+CapabilityBoundingSet=~CAP_MAC_ADMIN
+CapabilityBoundingSet=~CAP_MAC_OVERRIDE
 
 [Install]
 WantedBy=multi-user.target
diff --git a/src/net.connman.service.in b/src/net.connman.service.in
index f7f6a7c..9679c1b 100755 (executable)
--- a/src/net.connman.service.in
+++ b/src/net.connman.service.in
@@ -1,5 +1,5 @@
 [D-BUS Service]
 Name=net.connman
-Exec=@sbindir@/connmand -n
+Exec=/bin/false
 User=root
 SystemdService=connman.service
diff --git a/vpn/connman-vpn.service.in b/vpn/connman-vpn.service.in
index de65a70..71abb57 100755 (executable)
--- a/vpn/connman-vpn.service.in
+++ b/vpn/connman-vpn.service.in
@@ -8,6 +8,8 @@ Type=dbus
 BusName=net.connman.vpn
 ExecStart=@sbindir@/connman-vpnd -n
 StandardOutput=null
+CapabilityBoundingSet=~CAP_MAC_ADMIN
+CapabilityBoundingSet=~CAP_MAC_OVERRIDE
 
 [Install]
 WantedBy=multi-user.target
diff --git a/vpn/net.connman.vpn.service.in b/vpn/net.connman.vpn.service.in
index 9487201..8dcf254 100755 (executable)
--- a/vpn/net.connman.vpn.service.in
+++ b/vpn/net.connman.vpn.service.in
@@ -1,4 +1,5 @@
 [D-BUS Service]
 Name=net.connman.vpn
-Exec=@sbindir@/connman-vpnd -n
+Exec=/bin/false
 User=root
+SystemdService=connman-vpn.service
Domain: Network & Connectivity / Data Network;