Add capabilities to pkg db recovery service

author Ilho Kim <ilho159.kim@samsung.com>

Mon, 30 May 2022 06:55:19 +0000 (15:55 +0900)

committer Ilho Kim <ilho159.kim@samsung.com>

Mon, 30 May 2022 06:55:19 +0000 (15:55 +0900)
author Ilho Kim <ilho159.kim@samsung.com>
Mon, 30 May 2022 06:55:19 +0000 (15:55 +0900)
committer Ilho Kim <ilho159.kim@samsung.com>
Mon, 30 May 2022 06:55:19 +0000 (15:55 +0900)
diff --git a/tool/pkg-db-recovery.service b/tool/pkg-db-recovery.service

index acf6da6..d26e37e 100644 (file)
--- a/tool/pkg-db-recovery.service
+++ b/tool/pkg-db-recovery.service
@@ -8,7 +8,9 @@ After=systemd-tmpfiles-setup.service local-fs.target
  [Service]
  Type=oneshot
  RemainAfterExit=yes
-SmackProcessLabel=System
+SmackProcessLabel=System::Privileged
+Capabilities=cap_chown,cap_dac_override,cap_fowner,cap_mac_override=i
+SecureBits=keep-caps
  ExecStart=/usr/bin/pkg-db-recovery
  
  [Install]
author	Ilho Kim <ilho159.kim@samsung.com>
	Mon, 30 May 2022 06:55:19 +0000 (15:55 +0900)
committer	Ilho Kim <ilho159.kim@samsung.com>
	Mon, 30 May 2022 06:55:19 +0000 (15:55 +0900)