diff options
author | taesub kim <taesub.kim@samsung.com> | 2017-06-22 17:49:20 +0900 |
---|---|---|
committer | taesub kim <taesub.kim@samsung.com> | 2017-07-20 15:51:29 +0900 |
commit | e4544ee49501928e15c2174d1e4936dc6ff7d97e (patch) | |
tree | fc25dab6d28a737344467b8924e0667bcb5adae7 /vpn | |
parent | ce407f97aed0fdba65b5d881ef19cd7ee5e7abeb (diff) | |
download | connman-e4544ee49501928e15c2174d1e4936dc6ff7d97e.tar.gz connman-e4544ee49501928e15c2174d1e4936dc6ff7d97e.tar.bz2 connman-e4544ee49501928e15c2174d1e4936dc6ff7d97e.zip |
Migrate root daemon to non rootsubmit/tizen/20170724.063335
Change-Id: I0d0afacc8a11fadc8128f6eef3f64f7a4ca8675b
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>
Diffstat (limited to 'vpn')
-rwxr-xr-x | vpn/connman-vpn.service.in | 8 | ||||
-rwxr-xr-x | vpn/net.connman.vpn.service.in | 3 | ||||
-rwxr-xr-x | vpn/vpn-dbus.conf | 6 | ||||
-rwxr-xr-x | vpn/vpn-polkit.conf | 4 |
4 files changed, 17 insertions, 4 deletions
diff --git a/vpn/connman-vpn.service.in b/vpn/connman-vpn.service.in index 6cc59cbc..a4c294ec 100755 --- a/vpn/connman-vpn.service.in +++ b/vpn/connman-vpn.service.in @@ -5,12 +5,14 @@ After=dbus.socket [Service] Type=dbus +User=network_fw +Group=network_fw BusName=net.connman.vpn SmackProcessLabel=System -ExecStart=@sbindir@/connman-vpnd -n +ExecStart=@bindir@/connman-vpnd -n StandardOutput=null -CapabilityBoundingSet=~CAP_MAC_ADMIN -CapabilityBoundingSet=~CAP_MAC_OVERRIDE +Capabilities=cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=i +SecureBits=keep-caps [Install] WantedBy=multi-user.target diff --git a/vpn/net.connman.vpn.service.in b/vpn/net.connman.vpn.service.in index 8dcf2544..8ce55c20 100755 --- a/vpn/net.connman.vpn.service.in +++ b/vpn/net.connman.vpn.service.in @@ -1,5 +1,6 @@ [D-BUS Service] Name=net.connman.vpn Exec=/bin/false -User=root +User=network_fw +Group=network_fw SystemdService=connman-vpn.service diff --git a/vpn/vpn-dbus.conf b/vpn/vpn-dbus.conf index 5b44017b..7b7b6d19 100755 --- a/vpn/vpn-dbus.conf +++ b/vpn/vpn-dbus.conf @@ -4,6 +4,12 @@ <policy user="root"> <allow own="net.connman.vpn"/> <allow send_destination="net.connman.vpn"/> + <allow send_interface="net.connman.vpn.Agent"/> + </policy> + <policy user="network_fw"> + <allow own="net.connman.vpn"/> + <allow send_destination="net.connman.vpn"/> + <allow send_interface="net.connman.vpn.Agent"/> </policy> <policy at_console="true"> <allow send_destination="net.connman.vpn"/> diff --git a/vpn/vpn-polkit.conf b/vpn/vpn-polkit.conf index a1dc6177..237d21be 100755 --- a/vpn/vpn-polkit.conf +++ b/vpn/vpn-polkit.conf @@ -5,6 +5,10 @@ <allow own="net.connman.vpn"/> <allow send_interface="net.connman.vpn.Agent"/> </policy> + <policy user="network_fw"> + <allow own="net.connman.vpn"/> + <allow send_interface="net.connman.vpn.Agent"/> + </policy> <policy context="default"> <allow send_destination="net.connman.vpn"/> </policy> |