Replace obsolete Capabilities option in user@.service with
AmbientCapabilities to provide appropriate set of capabilties for systemd
to manage user session.
According to capability set transformation rules described in
capabilities(7)
if a process with nonzero user IDs performs an execve(2) then any
capa‐ bilities that are present in its permitted and effective
sets will be cleared.
This means that for systemd running with nonzero UID (i.e. as the user
session manager) to keep permitted and effective capability
sets non-empty without setting file capabilities for systemd it is
required to use ambient capabilities.
Using file capabilities for systemd may be a wrong choice in the long
term, because different sets of capabilities may be assigned to different
user sessions.
Change-Id: I479fbbcf153737dbf88340ef4eb4be15d707a9a4
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
TasksMax=infinity
Environment=DBUS_SESSION_BUS_ADDRESS=kernel:path=/sys/fs/kdbus/%i-user/bus;unix:path=/run/user/%i/bus
Environment=XDG_RUNTIME_DIR=/run/user/%i
-Capabilities=cap_sys_admin,cap_mac_admin,cap_setgid,cap_dac_override,cap_sys_chroot=i
+AmbientCapabilities=cap_sys_admin cap_sys_nice cap_mac_admin cap_dac_override cap_setgid cap_sys_chroot
SecureBits=keep-caps
TimeoutStartSec=infinity
TimeoutStopSec=120s
projects / platform / upstream / systemd.git / commitdiff