From dbddb40c959ed31b9a4e9cca11f302a68035a288 Mon Sep 17 00:00:00 2001 From: Tom Cherry Date: Fri, 11 Dec 2015 12:54:50 -0800 Subject: Update init documentation to reflect fs_config changes Change-Id: I00296d90c44af369a51ecb5cbb667567328f0053 --- init/readme.txt | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'init') diff --git a/init/readme.txt b/init/readme.txt index bf440c2b7..bacd6bdf2 100644 --- a/init/readme.txt +++ b/init/readme.txt @@ -109,9 +109,16 @@ socket [ [ [ ] ] ] user Change to username before exec'ing this service. Currently defaults to root. (??? probably should default to nobody) - Currently, if your process requires linux capabilities then you cannot use - this command. You must instead request the capabilities in-process while - still root, and then drop to your desired uid. + As of Android M, processes should use this option even if they + require linux capabilities. Previously, to acquire linux + capabilities, a process would need to run as root, request the + capabilities, then drop to its desired uid. There is a new + mechanism through fs_config that allows device manufacturers to add + linux capabilities to specific binaries on a file system that should + be used instead. This mechanism is described on + http://source.android.com/devices/tech/config/filesystem.html. When + using this new mechanism, processes can use the user option to + select their desired uid without ever running as root. group [ ]* Change to groupname before exec'ing this service. Additional -- cgit v1.2.3