Bug 939370 - Change oom-msg-logger to run as root
Status: Closed (RESOLVED FIXED)
Opened 11 years ago, closed 11 years ago
Categories: Firefox OS Graveyard :: General, defect
Tracking: Not tracked
People: Reporter: dhylands, Assigned: dhylands
Attachments (1 file): 606 bytes, patch; mwu: review+

Description
Currently, init.b2g.rc has oom-msg-logger running as uid=shell gid=system.

Even though /proc/kmsg has the following permissions:

  -r--r----- root system 0 2013-11-15 19:10 kmsg

Trying to read from /proc/kmsg while running as non-root yields:

  /system/bin/oom-msg-logger[13]: can't open /proc/kmsg: Operation not permitted

It turns out that you need to have the CAP_SYSLOG capability to open /proc/kmsg.

The documentation from Android's init.rc language says this:

  user <username>
    Change to username before exec'ing this service. Currently defaults to root. (??? probably should default to nobody) Currently, if your process requires linux capabilities then you cannot use this command. You must instead request the capabilities in-process while still root, and then drop to your desired uid.

So basically, there is no way to even assign the capability unless you're root.

So this change makes oom-msg-logger run as root.

I'm going to file a followup bug that will suggest rewriting oom-msg-logger in C or C++ so that it can start as root, and give itself the CAP_SYSLOG capability and then set its uid/gid down to shell/system.
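The follow-up proposed in the description (start as root, keep CAP_SYSLOG, then drop to shell/system), shown as an added C example; it is not code from this bug or from gonk-misc. The function names are hypothetical, the numeric IDs 2000 and 1000 are assumed to be Android's shell and system IDs, and the raw capset syscall is used so no libcap is needed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#define UID_SHELL  2000  /* assumed: Android AID_SHELL */
#define GID_SYSTEM 1000  /* assumed: Android AID_SYSTEM */

/* Fill a v3 capability set so that only `cap` is permitted and effective. */
void only_cap(struct __user_cap_data_struct data[2], int cap)
{
    memset(data, 0, 2 * sizeof(data[0]));
    data[CAP_TO_INDEX(cap)].permitted = CAP_TO_MASK(cap);
    data[CAP_TO_INDEX(cap)].effective = CAP_TO_MASK(cap);
}

/* Start as root, end as uid/gid holding only `cap`. Returns 0 or -1. */
int drop_root_keep_cap(uid_t uid, gid_t gid, int cap)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    /* Without KEEPCAPS, setuid() away from 0 clears the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;   /* drop supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* setuid() cleared the effective set; re-raise just `cap`, drop the rest. */
    only_cap(data, cap);
    if (syscall(SYS_capset, &hdr, data) != 0) return -1;

    /* Regaining root must now fail, otherwise the drop did not take. */
    return setuid(0) == -1 ? 0 : -1;
}

int main(void)
{
    if (drop_root_keep_cap(UID_SHELL, GID_SYSTEM, CAP_SYSLOG) != 0) {
        perror("drop_root_keep_cap");
        return 1;
    }
    int fd = open("/proc/kmsg", O_RDONLY);   /* needs CAP_SYSLOG */
    if (fd < 0) { perror("/proc/kmsg"); return 1; }
    close(fd);
    return 0;
}
```

Run as root, the process ends up as uid 2000 / gid 1000 with CAP_SYSLOG as its only capability, so a compromise of the logger no longer yields full root.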

Comment 1 (Assignee) • 11 years ago
Attachment #833300 - Flags: review?(mwu)

Comment 2 • 11 years ago
Comment on attachment 833300 0001-Bug-939370-Make-oom-msg-logger-run-as-root-so-that-i.patch

Thanks for figuring this out.
Attachment #833300 - Flags: review?(mwu) → review+

Comment 3 (Assignee) • 11 years ago
https://github.com/mozilla-b2g/gonk-misc/commit/95dc65e545f79024c41d9b57a5ac9ee78e6f6710
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED

Updated • 10 years ago
Assignee: nobody → dhylands