commit | e562fef003d64f00b7aa75b4112605b4efbbfbcf | [log] [tgz] |
---|---|---|
author | Cheng-Han Yang <chenghan@google.com> | Mon Aug 29 16:10:35 2022 +0800 |
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | Tue Sep 13 07:41:59 2022 +0000 |
tree | 1b180e495d200c5ece24d2620dd1e5896d69aacd | |
parent | 561f9baba38acd959bcbe78f679da640ec542ed9 [diff] |
rmad: Add rmad-executor user and group The RMA executor was run as root. After discussion with security team, it's better to run as a non-root "rmad-executor" user with CAP_SYS_ADMIN capabilities so it's still allowed to perform most of the root-level tasks. BUG=b:243855405 TEST=display-accts.py --lint Change-Id: Id90c37ce2e6958b1c57907fa4f90d622bd12ee4d Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/eclass-overlay/+/3861529 Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Commit-Queue: Cheng-Han Yang <chenghan@chromium.org> Tested-by: Cheng-Han Yang <chenghan@chromium.org>