From 013a8ad6571e11473e425da38141935b4f28a5b0 Mon Sep 17 00:00:00 2001 From: Hwankyu Jhun Date: Thu, 19 Sep 2024 10:46:36 +0900 Subject: [PATCH] Add capability for the lux Currently, the launchpad-process-pool has a problem about creating children processes. Because, there are many threads in the launchpad-process-pool. If the sub thread tries to allocate the memory or calling getenv() when the main thread is calling fork(), it makes the deadlock issue of the children processes. The lux is a children process of the launchpad-process-pool to create children processes for applications. (The lux is a single thread process.) Change-Id: I20d7ce82b77af226bda0e59b8690896245b64580 Signed-off-by: Hwankyu Jhun --- config/set_capability | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/config/set_capability b/config/set_capability index 3fbc0d5..216a22e 100755 --- a/config/set_capability +++ b/config/set_capability @@ -1007,3 +1007,18 @@ if [ -e /usr/share/security-config/update_privacy_mount_list.sh ] && [ -e /usr/s then /usr/share/security-config/update_privacy_mount_list.sh fi + +# Package platform/core/appfw/launchpad +# Owner Junghoon Park(jh9216.park@samsung.com) +# Date Sep 19, 2024 +# Required /usr/bin/lux : cap_mac_admin, cap_dac_override, cap_setgid, cap_sys_admin, cap_sys_nice, cap_sys_chroot : ei +# cap_mac_admin to use security_manager_prepare_app2() +# cap_dac_override fd redirection in debug mode of app running +# cap_setgid to use security_manager_prepare_app() +# cap_sys_admin to split mount namespace +# cap_sys_nice to change scheduling priority +# cap_sys_chroot to use setns() + +if [ -e "/usr/bin/lux" ] +then /usr/sbin/setcap cap_sys_admin,cap_sys_nice,cap_mac_admin,cap_dac_override,cap_setgid,cap_sys_chroot=ei /usr/bin/lux +fi -- 2.34.1