From cc0e90a9641d6012085d6371ad310863507940e1 Mon Sep 17 00:00:00 2001 From: Nikita Ioffe Date: Wed, 14 Dec 2022 21:53:57 +0000 Subject: [PATCH] Update docs around capabilities and root processes Current documentation is misleading: if a service runs as root and doesn't specify any capabilities, then it will start with all the capabilities (note that whether it can use them is controlled by selinux). Test: n/a Bug: 249796710 Change-Id: I0d6a884127c6a6c5b651c1222fcf48322065daae --- init/README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/init/README.md b/init/README.md index f48fa6beb..957eb9e4a 100644 --- a/init/README.md +++ b/init/README.md @@ -195,8 +195,10 @@ runs the service. capability without the "CAP\_" prefix, like "NET\_ADMIN" or "SETPCAP". See http://man7.org/linux/man-pages/man7/capabilities.7.html for a list of Linux capabilities. - If no capabilities are provided, then all capabilities are removed from this service, even if it - runs as root. + If no capabilities are provided, then behaviour depends on the user the service runs under: + * if it's root, then the service will run with all the capabitilies (note: whether the + service can actually use them is controlled by selinux); + * otherwise all capabilities will be dropped. `class [ \* ]` > Specify class names for the service. All services in a @@ -410,7 +412,7 @@ runs the service. using this new mechanism, processes can use the user option to select their desired uid without ever running as root. As of Android O, processes can also request capabilities directly in their .rc - files. See the "capabilities" option below. + files. See the "capabilities" option above. `writepid [ \* ]` > Write the child's pid to the given files when it forks. Meant for
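Review bot: the first hunk's added line "the service will run with all the capabitilies" misspells "capabilities"; please fix the typo before this lands, since this is the sentence readers will copy the semantics from. Two further points on the same hunk: the case names ("selinux") could follow the project's usual "SELinux" spelling, and because the old text promised that omitting the option dropped everything even for root, it would help to add one sentence saying how a root service that needs no capabilities should declare that explicitly, so that .rc authors who relied on the old wording can audit their services for unintended full-capability root processes.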
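Review bot: the second hunk's cross-reference change from "below" to "above" is correct given the hunk offsets (the option is documented around line 195, this paragraph sits around line 412), but the option name could be written as `capabilities` in backticks to match the `writepid [ \* ]` and `class [ \* ]` entries around it. Since the paragraph pairs the `user` option with capability requests, a short clause noting that a non-root service ends up with no capabilities unless it lists them (per the first hunk) would make the least-privilege path explicit here too.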