init appears to have a capability option which I assume was intended to 
allow this, but it doesn't look like it was ever implemented.

In a private communication with another developer, that person expressed 
reluctance to allow this feature for fear of it being used inappropriately.

However, if you are still really interested you could propose it on 
android-contrib@ and/or upload a CL to system/core.  I'm not sure it would 
be approved; it may be worth a try.

A workaround, of course, is to run it as root; then it immediately drops its 
capabilities and uid.

On Friday, September 27, 2013 6:07:22 PM UTC-7, Fei Yang wrote:
>
> I want to enable some capabilities for a particular service started by 
> Android init. However, all thread capabilities are cleared after execve(). 
> And it seems like the kernel determines thread capabilities in conjunction with 
> file capabilities, since the file doesn't have capability attribute set, 
> the thread ends up with no capability set at all.
> Does anyone know if it's possible at all to start a service with some 
> capabilities inherited after execve()?
> Any idea is appreciated.
>
> -Fei
>
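
The workaround mentioned in the reply (start as root, then immediately drop capabilities and uid), sketched as an added example that is not code from the thread or from Android's init. The helper names, the uid/gid 1000 and the choice of CAP_NET_ADMIN are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fill a v3 capability set so that exactly the listed capabilities are
 * permitted and effective, and none are inheritable.
 * Returns 0, or -1 if a capability number is out of range. */
int build_cap_data(const int *caps, size_t n, struct __user_cap_data_struct data[2])
{
    memset(data, 0, 2 * sizeof(data[0]));
    for (size_t i = 0; i < n; i++) {
        if (caps[i] < 0 || caps[i] > CAP_LAST_CAP)
            return -1;
        unsigned int bit = 1u << (caps[i] & 31);
        data[caps[i] >> 5].permitted |= bit;
        data[caps[i] >> 5].effective |= bit;
    }
    return 0;
}

/* Hypothetical helper, called first thing in a service started as root. */
int drop_to_user_keeping(uid_t uid, gid_t gid, const int *caps, size_t n)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];

    if (geteuid() != 0 || build_cap_data(caps, n, data) != 0)
        return -1;
    /* Without PR_SET_KEEPCAPS the permitted set is cleared when uid 0 is left. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0)
        return -1;
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Shrink to exactly the requested set and re-raise it as effective. */
    return (int)syscall(SYS_capset, &hdr, data);
}

int main(void)
{
    const int keep[] = { CAP_NET_ADMIN };   /* constructed example choice */
    if (drop_to_user_keeping(1000, 1000, keep, 1) != 0) {
        fprintf(stderr, "not started as root, or drop failed\n");
        return 1;
    }
    printf("uid=%d, holding only CAP_NET_ADMIN\n", (int)getuid());
    return 0;
}
```

As the question notes, capabilities held this way do not survive a later execve() of a file without capability attributes, so the call belongs in the service's own startup code.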

-- 
-- 
unsubscribe: android-kernel+unsubscr...@googlegroups.com
website: http://groups.google.com/group/android-kernel