summaryrefslogtreecommitdiffstats
path: root/init
diff options
context:
space:
mode:
authorTom Cherry <tomcherry@google.com>2015-12-11 12:54:50 -0800
committerTom Cherry <tomcherry@google.com>2015-12-11 13:20:38 -0800
commitdbddb40c959ed31b9a4e9cca11f302a68035a288 (patch)
treedfa0359029a8ed26c72a3d2a3bb059bbc92f12e1 /init
parent86052a5d4f217a73c769c77f7ac0904b65e67942 (diff)
downloadcore-dbddb40c959ed31b9a4e9cca11f302a68035a288.tar.gz
core-dbddb40c959ed31b9a4e9cca11f302a68035a288.tar.bz2
core-dbddb40c959ed31b9a4e9cca11f302a68035a288.zip
Update init documentation to reflect fs_config changes
Change-Id: I00296d90c44af369a51ecb5cbb667567328f0053
Diffstat (limited to 'init')
-rw-r--r--init/readme.txt13
1 files changed, 10 insertions, 3 deletions
diff --git a/init/readme.txt b/init/readme.txt
index bf440c2b7..bacd6bdf2 100644
--- a/init/readme.txt
+++ b/init/readme.txt
@@ -109,9 +109,16 @@ socket <name> <type> <perm> [ <user> [ <group> [ <seclabel> ] ] ]
user <username>
Change to username before exec'ing this service.
Currently defaults to root. (??? probably should default to nobody)
- Currently, if your process requires linux capabilities then you cannot use
- this command. You must instead request the capabilities in-process while
- still root, and then drop to your desired uid.
+ As of Android M, processes should use this option even if they
+ require linux capabilities. Previously, to acquire linux
+ capabilities, a process would need to run as root, request the
+ capabilities, then drop to its desired uid. There is a new
+ mechanism through fs_config that allows device manufacturers to add
+ linux capabilities to specific binaries on a file system that should
+ be used instead. This mechanism is described on
+ http://source.android.com/devices/tech/config/filesystem.html. When
+ using this new mechanism, processes can use the user option to
+ select their desired uid without ever running as root.
group <groupname> [ <groupname> ]*
Change to groupname before exec'ing this service. Additional