From 8fdff569d6a976a434d0bc28f3cc71d66dd64e41 Mon Sep 17 00:00:00 2001 From: Rem01Gaming Date: Mon, 13 Nov 2023 12:24:54 +0700 Subject: [PATCH] templates: Update templates and try to get rid with `CAP_SYS_ADMIN` (#1134) - The use of CAP_SYS_ADMIN can be avoided in Kernel Manager, but cannot be avoided in Root Explorer because it's needed for mounting RW/RO. - Capabilities adjustment - Fix template typo --------- Signed-off-by: Rem01Gaming --- website/docs/public/templates/kernelmanager.root | 6 ++++-- .../templates/{rootexplore.root => rootexploler.root} | 5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) rename website/docs/public/templates/{rootexplore.root => rootexploler.root} (84%) diff --git a/website/docs/public/templates/kernelmanager.root b/website/docs/public/templates/kernelmanager.root index f36846e9..5bd44b30 100644 --- a/website/docs/public/templates/kernelmanager.root +++ b/website/docs/public/templates/kernelmanager.root @@ -6,13 +6,15 @@ "uid":0, "gid":0, "groups":[ - "ROOT" + "ROOT", + "READPROC" ], "capabilities":[ - "CAP_SYS_ADMIN", + "CAP_SYS_MODULE", "CAP_SYS_NICE", "CAP_SYS_RESOURCE", "CAP_KILL", + "CAP_SYSLOG", "CAP_PERFMON" ], "context":"u:r:su:s0", diff --git a/website/docs/public/templates/rootexplore.root b/website/docs/public/templates/rootexploler.root similarity index 84% rename from website/docs/public/templates/rootexplore.root rename to website/docs/public/templates/rootexploler.root index 7a3644cb..c0c4df31 100644 --- a/website/docs/public/templates/rootexplore.root +++ b/website/docs/public/templates/rootexploler.root @@ -9,8 +9,9 @@ "ROOT" ], "capabilities":[ - "CAP_SYS_ADMIN", - "CAP_DAC_OVERRIDE" + "CAP_DAC_READ_SEARCH", + "CAP_DAC_OVERRIDE", + "CAP_SYS_ADMIN" ], "context":"u:r:su:s0", "namespace":"INHERITED",