From: Mateusz Moscicki Date: Fri, 20 May 2022 12:00:35 +0000 (+0200) Subject: Change the user of update-manager.service to root X-Git-Tag: submit/tizen/20220630.103030~6 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1947ff870e848333d155f375ff5aaa6bcb0c30db;p=platform%2Fcore%2Fsystem%2Fupdate-control.git Change the user of update-manager.service to root During the upgrade the service must run the delta.ua program supplied in the delta.tar file to correctly execute the entire process. Thus, it's infeasible to depend on POSIX file capabilities as the delta.ua from upgrade package (delta.tar) will not have it. This leaves us with either (1) need to apply needed caps in runtime (de facto requiring super privileges for the process controlling this action), or (2) simplifying the process and changing the user of update-manager to root. This commit implements (2) option as, in practice, this program is responsible for flashing complete platform images so it effectively has every permission possible (as it can flash any data of its choosing) Change-Id: I33477c7a9981fb59effd1846c8733ff8e77c752b --- diff --git a/packaging/update-manager.conf b/packaging/update-manager.conf index 3ac2fa7..cd79be4 100644 --- a/packaging/update-manager.conf +++ b/packaging/update-manager.conf @@ -2,7 +2,7 @@ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> - + @@ -12,4 +12,4 @@ - \ No newline at end of file + diff --git a/packaging/update-manager.service b/packaging/update-manager.service index 6532e7a..d2ee157 100644 --- a/packaging/update-manager.service +++ b/packaging/update-manager.service @@ -4,11 +4,9 @@ After=ac.service Requires=ac.service [Service] -User=system_fw -Group=system_fw +User=root +Group=root Type=simple -Capabilities=cap_sys_admin,cap_dac_override=i -SecureBits=keep-caps SmackProcessLabel=System ExecStart=/usr/bin/update-manager Restart=on-failure