From 76435ed70ae7a99409f1d94d39a183edc5a24bbb Mon Sep 17 00:00:00 2001 From: Mateusz Moscicki Date: Fri, 20 May 2022 14:00:35 +0200 Subject: [PATCH] Change the user of update-manager.service to root During the upgrade the service must run the delta.ua program supplied in the delta.tar file to correctly execute the entire process. Thus, it's infeasible to depend on POSIX file capabilities as the delta.ua from upgrade package (delta.tar) will not have it. This leaves us with either (1) need to apply needed caps in runtime (de facto requiring super privileges for the process controlling this action), or (2) simplifying the process and changing the user of update-manager to root. This commit implements (2) option as, in practice, this program is responsible for flashing complete platform images so it effectively has every permission possible (as it can flash any data of its choosing) Change-Id: I33477c7a9981fb59effd1846c8733ff8e77c752b (cherry picked from commit 1947ff870e848333d155f375ff5aaa6bcb0c30db) --- packaging/update-manager.conf | 4 ++-- packaging/update-manager.service | 6 ++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/packaging/update-manager.conf b/packaging/update-manager.conf index 3ac2fa7..cd79be4 100644 --- a/packaging/update-manager.conf +++ b/packaging/update-manager.conf @@ -2,7 +2,7 @@ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> - + @@ -12,4 +12,4 @@ - \ No newline at end of file + diff --git a/packaging/update-manager.service b/packaging/update-manager.service index 6532e7a..d2ee157 100644 --- a/packaging/update-manager.service +++ b/packaging/update-manager.service @@ -4,11 +4,9 @@ After=ac.service Requires=ac.service [Service] -User=system_fw -Group=system_fw +User=root +Group=root Type=simple -Capabilities=cap_sys_admin,cap_dac_override=i -SecureBits=keep-caps SmackProcessLabel=System ExecStart=/usr/bin/update-manager Restart=on-failure -- 2.34.1
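Review bot: The two hunks in packaging/update-manager.conf (at -2,7 and -12,4) are not covered by the commit message, which only explains the change of user in the unit file. Please state in the message what the changed bus policy line is and why it has to change together with User=root. With the service running as root, the D-Bus policy in this file is what decides which callers can reach it, so the reasoning for that line should be on record. The second hunk only adds the missing newline at end of file and is fine as is.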
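Review bot: In the [Service] section of packaging/update-manager.service, the removed Capabilities=cap_sys_admin,cap_dac_override=i and SecureBits=keep-caps lines are replaced by User=root and Group=root with no bound at all, so update-manager and the delta.ua it runs from delta.tar now hold the full root capability set rather than the two capabilities listed before. If flashing does not need everything, consider a CapabilityBoundingSet= line naming what it does need, which also applies to delta.ua without requiring file capabilities on it. The commit message explains why root is acceptable but does not say where delta.tar is verified before delta.ua is executed; since that binary now runs as root, a sentence on that, or a comment in the unit pointing to it, would help later reviewers.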