>> We are using Smack to provide application isolation. The launcher needs to set the Smack label
>> of the application. Setting the Smack label of a process requires privilege. If there were no
>> launcher involved (if the program were exec()ed) we could use the SMACK64EXEC behavior to achieve
>> this. Since there is a launcher, and the launcher does not use exec() the launcher requires
>> privilege.
>But this doesn't require root, just a capability attribute for the
>launcher binary itself to permit this just for the launcher? And the
>launcher can be fired up as part of the session and will gain the
>capability from the filesystem attribute rather than through process
>inheritance?
Maybe it is possible to just set the capability instead of root. According to the current functionality, the following capabilities may be needed:
- SMACK labeling / setuid() : maybe CAP_DAC_OVERRIDE/CAP_DAC_READ_SEARCH/CAP_CHOWN ?
- chroot() for legacy app : CAP_SYS_CHROOT
- directory mount : CAP_SYS_ADMIN
I am not quite sure if another capability is needed or not.
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
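As an added illustration (not code from this thread or from the Tizen launcher), here is the mechanism the quoted reply is asking about: a launcher that holds a file capability rather than running as root can relabel itself by writing the new Smack label to /proc/self/attr/current, which the Smack LSM gates on CAP_MAC_ADMIN. The program checks whether that capability actually arrived in its effective set (by parsing the CapEff bitmask in /proc/self/status, the same check you would use to confirm a setcap-granted capability took effect) and then attempts the relabel, reporting the kernel's answer instead of assuming success. The status-file excerpt, the label "App::example" and the helper names are constructed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Capability numbers as defined by the kernel ABI (linux/capability.h). */
#define CAP_MAC_ADMIN  33   /* needed to write /proc/self/attr/current under Smack */
#define CAP_SYS_CHROOT 18
#define CAP_SYS_ADMIN  21

/* Constructed sample of a /proc/<pid>/status excerpt for a launcher that
 * received cap_mac_admin from a file capability: bit 33 is set in CapEff. */
static const char SAMPLE_STATUS_WITH_MAC_ADMIN[] =
    "Name:\tlauncher\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t0000000200000000\n"
    "CapEff:\t0000000200000000\n"
    "CapBnd:\t0000003fffffffff\n";

/* Parse /proc/<pid>/status text and report whether capability `cap` is in
 * the effective set ("CapEff:" line, a hex bitmask).
 * Returns 1 if set, 0 if clear, -1 if no CapEff line was found. */
int cap_in_effective_set(const char *status_text, int cap)
{
    const char *line = status_text;
    while (line && *line) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            /* strtoull skips the tab/space after the colon before parsing hex */
            uint64_t mask = strtoull(line + 7, NULL, 16);
            return (int)((mask >> cap) & 1u);
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

/* Check the calling process's own effective capability set. */
int have_effective_cap(int cap)
{
    char buf[8192];
    int fd = open("/proc/self/status", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return cap_in_effective_set(buf, cap);
}

/* Relabel the calling process under Smack by writing the label to
 * /proc/self/attr/current. The kernel refuses this without CAP_MAC_ADMIN,
 * and on a host without Smack the file is missing or rejects the write.
 * Returns 0 on success or -errno on failure. */
int smack_set_self_label(const char *label)
{
    int fd = open("/proc/self/attr/current", O_WRONLY);
    if (fd < 0)
        return -errno;
    ssize_t n = write(fd, label, strlen(label));
    int err = errno;
    close(fd);
    return n < 0 ? -err : 0;
}

int main(int argc, char **argv)
{
    const char *label = argc > 1 ? argv[1] : "App::example"; /* constructed sample label */
    int held = have_effective_cap(CAP_MAC_ADMIN);
    printf("CAP_MAC_ADMIN in effective set: %s\n",
           held == 1 ? "yes" : held == 0 ? "no" : "unknown (cannot read /proc/self/status)");
    int rc = smack_set_self_label(label);
    if (rc == 0)
        printf("Smack label set to \"%s\"\n", label);
    else
        printf("Could not set Smack label: %s\n", strerror(-rc));
    return 0;
}
```

On a Smack-enabled system, granting the capability as a file attribute (`setcap cap_mac_admin+ep ./launcher`) is what makes the first line print "yes" when the binary is started from an unprivileged session; if the binary is copied, rebuilt or mounted with nosuid the attribute is lost and the relabel fails with EPERM, which is the failure mode worth logging rather than ignoring. The same `have_effective_cap` check applies to CAP_SYS_CHROOT and CAP_SYS_ADMIN from the list above; CAP_SYS_ADMIN in particular is broad, so it is worth confirming the launcher needs it for the mount step before granting it.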
