From: jin-gyu.kim <jin-gyu.kim@samsung.com>
Date: Fri, 20 Oct 2017 03:02:30 +0000 (+0900)
Subject: Give cap_sys_admin to dotnet-launcher and wrt-loader.
X-Git-Tag: submit/tizen/20171026.082412^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5167d2a2213a7978d34bf5f1e2762936a60e8e8b;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Give cap_sys_admin to dotnet-launcher and wrt-loader.

Change-Id: I4956bd116cd8f15649ef4bf3ef66622b3c69f0f9
---

diff --git a/config/set_capability b/config/set_capability
index 4af1088..76f23fb 100755
--- a/config/set_capability
+++ b/config/set_capability
@@ -427,13 +427,14 @@ fi
 # Required              cap_mac_admin, cap_setgid
 # cap_mac_admin		to change app process smack label (need for VD)
 # cap_setgid		to change app process gid
+# cap_sys_admin		to split mount namespace
 
 if [ -e "/usr/bin/dotnet-launcher" ]
-then /usr/sbin/setcap cap_mac_admin,cap_setgid=ei /usr/bin/dotnet-launcher
+then /usr/sbin/setcap cap_mac_admin,cap_setgid,cap_sys_admin=ei /usr/bin/dotnet-launcher
 fi
 
 if [ -e "/usr/bin/scd-launcher" ]
-then /usr/sbin/setcap cap_mac_admin,cap_setgid=ei /usr/bin/scd-launcher
+then /usr/sbin/setcap cap_mac_admin,cap_setgid,cap_sys_admin=ei /usr/bin/scd-launcher
 fi
 
 # Package               platform/core/telephony/telephony-daemon
@@ -507,9 +508,10 @@ fi
 # Required              cap_sys_admin, cap_setgid
 # cap_sys_admin		to mount ( TODO : need to be checked) => removed as it is not needed.
 # cap_setgid		to change process gid
+# cap_sys_admin		to split mount namespace
 
 if [ -e "/usr/bin/wrt-loader" ]
-then /usr/sbin/setcap cap_setgid=ei /usr/bin/wrt-loader
+then /usr/sbin/setcap cap_setgid,cap_sys_admin=ei /usr/bin/wrt-loader
 fi
 
 # Package               platform/core/connectivity/wifi-direct-manager