projects / platform / upstream / connman.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 04bfa23)
Revert "Change attribute for connmand and set uid/gid into service" 25/98025/1
authorseonah moon <seonah1.moon@samsung.com>
Wed, 16 Nov 2016 01:42:25 +0000 (17:42 -0800)
committerseonah moon <seonah1.moon@samsung.com>
Wed, 16 Nov 2016 01:42:25 +0000 (17:42 -0800)
This reverts commit 04bfa23db4a121adcd17c35bb1d9378cebc66b51.

Change-Id: I1af9c34aed1496757f20cf1dc0411afc744bc990

packaging/connman.spec patch | blob | history
src/connman.service.in patch | blob | history
vpn/connman-vpn.service.in patch | blob | history

diff --git a/packaging/connman.spec b/packaging/connman.spec
index 0f2e5fe..b37b135 100755 (executable)
--- a/packaging/connman.spec
+++ b/packaging/connman.spec
@@ -208,14 +208,14 @@ systemctl daemon-reload
 
 %files
 %manifest connman.manifest
-%attr(755,root,root) %{_sbindir}/*
+%attr(500,root,root) %{_sbindir}/*
 %attr(500,root,root) %{_bindir}/connmanctl
-%attr(600,network_fw,network_fw) /%{_localstatedir}/lib/connman/settings
+%attr(600,root,root) /%{_localstatedir}/lib/connman/settings
 #%{_libdir}/connman/plugins/*.so
 %attr(644,root,root) %{_datadir}/dbus-1/system-services/*
 #%{_datadir}/dbus-1/services/*
 %{_sysconfdir}/dbus-1/system.d/*
-%attr(644,network_fw,network_fw) %{_sysconfdir}/connman/main.conf
+%attr(644,root,root) %{_sysconfdir}/connman/main.conf
 %{_sysconfdir}/dbus-1/system.d/*.conf
 %attr(644,root,root) %{_libdir}/systemd/system/connman.service
 %attr(644,root,root) %{_libdir}/systemd/system/multi-user.target.wants/connman.service
diff --git a/src/connman.service.in b/src/connman.service.in
index 003b110..3bc442a 100755 (executable)
--- a/src/connman.service.in
+++ b/src/connman.service.in
@@ -9,9 +9,9 @@ BusName=net.connman
 Restart=on-failure
 SmackProcessLabel=System
 ExecStart=@sbindir@/connmand -n --noplugin vpn
-User=network_fw
-Group=network_fw
 StandardOutput=null
+CapabilityBoundingSet=~CAP_MAC_ADMIN
+CapabilityBoundingSet=~CAP_MAC_OVERRIDE
 
 [Install]
 WantedBy=multi-user.target
diff --git a/vpn/connman-vpn.service.in b/vpn/connman-vpn.service.in
index eb75ae4..6cc59cb 100755 (executable)
--- a/vpn/connman-vpn.service.in
+++ b/vpn/connman-vpn.service.in
@@ -8,9 +8,9 @@ Type=dbus
 BusName=net.connman.vpn
 SmackProcessLabel=System
 ExecStart=@sbindir@/connman-vpnd -n
-User=network_fw
-Group=network_fw
 StandardOutput=null
+CapabilityBoundingSet=~CAP_MAC_ADMIN
+CapabilityBoundingSet=~CAP_MAC_OVERRIDE
 
 [Install]
 WantedBy=multi-user.target
Domain: Network & Connectivity / Data Network;