Currently, xdelta3 has CAP_DAC_OVERRIDE itself by file capability.
This is security hole, because attacker can modify any files using
xdelta3. To prevent this problem, make xdelta3 have CAP_DAC_OVERRIDE
only by inheriting from server.
Change-Id: I76f9416cff0c8b2e54c18093c162f6044c399245
Signed-off-by: Sangyoon Jang <s89.jang@samsung.com>
User=app_fw
Group=app_fw
SmackProcessLabel=System
+# CAP_DAC_OVERRIDE should be inheritable for using xdelta3
+Capabilities=cap_dac_override=i
+SecureBits=keep-caps
ExecStart=@PREFIX@/bin/pkgmgr-server