Age | Commit message (Collapse) | Author | Files | Lines |
|
This fixes some issues encountered by the current
integration of the security-manager:
- its recipes is spread in too much directories (see SPEC-2092)
- its initialization should be checked (see SPEC-2091)
- the location of the database has to be changed
(see SPEC-1717 that provided a workaround)
All in one, I decided to create that ticket that summarize
the work that can be quickly achieved to answer all this
issues that are tightly coupled.
Bug-AGL: SPEC-2972
Bug-AGL: SPEC-2092
Bug-AGL: SPEC-2091
Bug-AGL: SPEC-1717
Change-Id: I7af941c25cfa1624d76c2e8f512f6535918912f0
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
|
|
It is critical for agl-sota feature
Bug-AGL: SPEC-1717
Change-Id: Ia4060721e3a092d13934d3af575199e67e356e71
Signed-off-by: Anton Gerasimov <anton.gerasimov@here.com>
|
|
gcc v7 requires include <functional> for std::function.
Bug-AGL: SPEC-1181
Change-Id: Id5deb6f5ea5c2c82ae4a26889f209e1d7619000e
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
|
|
The global user name is 'afm'
AGL-Bug: SPEC-617
Change-Id: I8b129afb333fdf0e90fde5e364ce6b56ceb5d712
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/9503
Reviewed-by: Scott Murray <scott.murray@konsulko.com>
Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
ci-image-build: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
Reviewed-by: Matt Porter <mporter@konsulko.com>
Reviewed-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
|
|
Change-Id: Iea4f0ba83e1d93ea2e7cc5950dced714b65dd251
Signed-off-by: Ronan <ronan.lemartret@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
The purpose of these changes is to make OSTree and AppFw update domains
compatible with each other. Some intergation code is also needed to deploy
initial data to writable area (see SPEC-359 in Jira).
Bug-AGL: SPEC-359
Change-Id: Iccba1e9916c569167df2922ad5e2d90cc33f06fe
Signed-off-by: Anton Gerasimov <anton@advancedtelematic.com>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|
|
Since introduction of ambient capabilities,
systemd deprecated the use of Capabilities.
With systemd 229 activated with krogoth,
the use of Capabilities does nothing.
This commits avoids to use SecureBits and Capabilities.
It now relies on the fact that post installations are
setting the capabilities to the file:
- setcap cap_mac_override,cap_dac_override=ep afm-system-daemon
- setcap cap_mac_override,cap_mac_admin,cap_setgid=ep afm-user-daemon
Using p (permitted) instead of i (inherited) that was
previously used.
It also includes evolutions of the security model to be synchronized
with the deletion of 'User'. The recommended version to use now
is the commit 20bbb97f6d5400b126ae96ef446c3e60c7e16285.
Change-Id: Id24ce7c7651e2fdf8d66b6e8286268e7d88508a0
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Signed-off-by: Stephane Desneux <stephane.desneux@iot.bzh>
|