939370 - Change oom-msg-logger to run as root

Status: RESOLVED FIXED

(Firefox OS Graveyard :: General, defect)

Description

[Dave Hylands [:dhylands]]

Currently, init.b2g.rc has oom-msg-logger running as uid=shell gid=system.

Even though /proc/kmsg has the following permissions:

-r--r----- root     system          0 2013-11-15 19:10 kmsg

Trying to read from /proc/kmsg while running as non-root yields:

/system/bin/oom-msg-logger[13]: can't open /proc/kmsg: Operation not permitted

It turns out that you need to have the CAP_SYSLOG capability to open /proc/kmsg. The documentation from android'd init.rc language says this:

user <username>
   Change to username before exec'ing this service.
   Currently defaults to root. (??? probably should default to nobody)
   Currently, if your process requires linux capabilities then you cannot use
   this command. You must instead request the capabilities in-process while
   still root, and then drop to your desired uid.

so basically, there is no way to even assign the capability unless you're root. So this change makes oom-msg-logger run as root.

I'm going to file a followup bug that will suggest rewriting oom-msg-logger in C or C++ so that it can start as root, and give itself the CAP_SYSLOG capability and then set its uid/gid down to shell/system.

Comment 1

[Dave Hylands [:dhylands]]

Attachment: 0001-Bug-939370-Make-oom-msg-logger-run-as-root-so-that-i.patch

Comment 2

[Michael Wu [:mwu]]

Comment on attachment 833300 [details] [diff] [review]
0001-Bug-939370-Make-oom-msg-logger-run-as-root-so-that-i.patch

Thanks for figuring this out.

Comment 3

[Dave Hylands [:dhylands]]

https://github.com/mozilla-b2g/gonk-misc/commit/95dc65e545f79024c41d9b57a5ac9ee78e6f6710