diff options
author | Tom Cherry <tomcherry@google.com> | 2015-12-11 12:54:50 -0800 |
---|---|---|
committer | Tom Cherry <tomcherry@google.com> | 2015-12-11 13:20:38 -0800 |
commit | dbddb40c959ed31b9a4e9cca11f302a68035a288 (patch) | |
tree | dfa0359029a8ed26c72a3d2a3bb059bbc92f12e1 /init | |
parent | 86052a5d4f217a73c769c77f7ac0904b65e67942 (diff) | |
download | core-dbddb40c959ed31b9a4e9cca11f302a68035a288.tar.gz core-dbddb40c959ed31b9a4e9cca11f302a68035a288.tar.bz2 core-dbddb40c959ed31b9a4e9cca11f302a68035a288.zip |
Update init documentation to reflect fs_config changes
Change-Id: I00296d90c44af369a51ecb5cbb667567328f0053
Diffstat (limited to 'init')
-rw-r--r-- | init/readme.txt | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/init/readme.txt b/init/readme.txt index bf440c2b7..bacd6bdf2 100644 --- a/init/readme.txt +++ b/init/readme.txt @@ -109,9 +109,16 @@ socket <name> <type> <perm> [ <user> [ <group> [ <seclabel> ] ] ] user <username> Change to username before exec'ing this service. Currently defaults to root. (??? probably should default to nobody) - Currently, if your process requires linux capabilities then you cannot use - this command. You must instead request the capabilities in-process while - still root, and then drop to your desired uid. + As of Android M, processes should use this option even if they + require linux capabilities. Previously, to acquire linux + capabilities, a process would need to run as root, request the + capabilities, then drop to its desired uid. There is a new + mechanism through fs_config that allows device manufacturers to add + linux capabilities to specific binaries on a file system that should + be used instead. This mechanism is described on + http://source.android.com/devices/tech/config/filesystem.html. When + using this new mechanism, processes can use the user option to + select their desired uid without ever running as root. group <groupname> [ <groupname> ]* Change to groupname before exec'ing this service. Additional |