From: Jin-gyu Kim <jin-gyu.kim@samsung.com>
Date: Fri, 4 Feb 2022 23:47:09 +0000 (+0900)
Subject: Add cap_sys_chroot to launchpad-process-pool
X-Git-Tag: submit/tizen/20220207.065417^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b4898a846074855165669ab3dd191a37feac7adb;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Add cap_sys_chroot to launchpad-process-pool

- It is needed to support "Debug Attach" used by gdbserver.

Change-Id: I1ec73238bd3b2294b6a3b1600e1460921c047a43
---

diff --git a/config/set_capability b/config/set_capability
index 5de3fcd..a059372 100755
--- a/config/set_capability
+++ b/config/set_capability
@@ -399,16 +399,17 @@ fi
 # Package               platform/core/appfw/launchpad
 # Owner                 Junghoon Park(jh9216.park@samsung.com)
 # Date                  July 4, 2017
-# Required              /usr/bin/launchpad-process-pool : cap_mac_admin, cap_dac_override, cap_setgid, cap_sys_admin, cap_sys_nice : ei
+# Required              /usr/bin/launchpad-process-pool : cap_mac_admin, cap_dac_override, cap_setgid, cap_sys_admin, cap_sys_nice, cap_sys_chroot : ei
 # Required              /usr/bin/launchpad-loader : cap_sys_admin,cap_sys_nice,cap_setgid : ei
 # cap_mac_admin		to use security_manager_prepare_app()
 # cap_dac_override      fd redirection in debug mode of app running
 # cap_setgid		to use security_manager_prepare_app()
 # cap_sys_admin		to split mount namespace
 # cap_sys_nice		to change scheduling priority
+# cap_sys_chroot	to use setns()
 
 if [ -e "/usr/bin/launchpad-process-pool" ]
-then /usr/sbin/setcap cap_sys_admin,cap_sys_nice,cap_mac_admin,cap_dac_override,cap_setgid=ei /usr/bin/launchpad-process-pool
+then /usr/sbin/setcap cap_sys_admin,cap_sys_nice,cap_mac_admin,cap_dac_override,cap_setgid,cap_sys_chroot=ei /usr/bin/launchpad-process-pool
 fi
 
 # TODO : condition check about launchpad-starter is temporary