From d9f65fc63aac88e58decb191dd2ff26e1469169a Mon Sep 17 00:00:00 2001
From: Simo Piiroinen
Date: Thu, 30 Jan 2020 13:50:26 +0200
Subject: [PATCH] [systemd] Add capabilities required by compositor killer. Fixes JB#48754
The intent is that (devel flavor) mce will make an attempt to coredump / kill compositor process that stops responding to display blank/unblank control ipc - when it is unlikely that compositor is unresponsive because it has been stopped in debugger. This feature stopped working after systemd sandboxing features were taken in use. Add CAP_SYS_PTRACE - required by debugger detection. Add CAP_KILL - required for sending signals to unrelated processes. Add diagnostic logging in error paths of related code.
Signed-off-by: Simo Piiroinen
---
modules/display.c | 19 +++++++++++++------
systemd/mce.service | 2 +-
2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/modules/display.c b/modules/display.c
index 7c700183..914a6a7b 100644
--- a/modules/display.c
+++ b/modules/display.c
@@ -2,8 +2,9 @@
* @file display.c
* Display module -- this implements display handling for MCE
*

- * Copyright © 2007-2011 Nokia Corporation and/or its subsidiary(-ies).
- * Copyright (C) 2012-2019 Jolla Ltd.
+ * Copyright (c) 2007 - 2011 Nokia Corporation and/or its subsidiary(-ies).
+ * Copyright (c) 2012 - 2020 Jolla Ltd.
+ * Copyright (c) 2020 Open Mobile Platform LLC.
*

* @author David Weinehall
* @author Tapio Rantala
@@ -6721,8 +6722,11 @@ compositor_stm_core_timer_cb(void *aptr)
* handled "nicely" by compositor. SIGXCPU fits that description and
* is also c) somewhat relevant "CPU time limit exceeded" d) easily
* distinguishable from other "normal" crash reports. */
- if( kill(self->csi_service_pid, SIGXCPU) == -1 && errno == ESRCH )
- goto EXIT;
+ if( kill(self->csi_service_pid, SIGXCPU) == -1 ) {
+ if( errno == ESRCH )
+ goto EXIT;
+ mce_log(LL_WARN, "could not SIGXCPU compositor: %m");
+ }
self->csi_kill_timer_id = g_timeout_add(mdy_compositor_kill_delay * 1000, compositor_stm_kill_timer_cb,
@@ -6749,8 +6753,11 @@ compositor_stm_kill_timer_cb(void *aptr)
if( self->csi_service_pid == COMPOSITOR_STM_INVALID_PID ) goto EXIT;
- if( kill(self->csi_service_pid, SIGKILL) == -1 && errno == ESRCH )
- goto EXIT;
+ if( kill(self->csi_service_pid, SIGKILL) == -1 ) {
+ if( errno == ESRCH )
+ goto EXIT;
+ mce_log(LL_WARN, "could not SIGKILL compositor: %m");
+ }
self->csi_kill_timer_id = g_timeout_add(mdy_compositor_bury_delay * 1000, compositor_stm_bury_timer_cb,
diff --git a/systemd/mce.service b/systemd/mce.service
index 816b7b50..6a15f44e 100644
--- a/systemd/mce.service
+++ b/systemd/mce.service
@@ -12,7 +12,7 @@ Type=notify
ExecStart=/usr/sbin/mce --systemd
Restart=always
# Sandboxing
-CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_DAC_OVERRIDE CAP_FOWNER
+CapabilityBoundingSet=CAP_BLOCK_SUSPEND CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_PTRACE CAP_KILL
# System update uses /tmp/os-update-running which should be relocated
PrivateTmp=no
ProtectHome=yes
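Review bot: The new warning in compositor_stm_core_timer_cb() (and the identical one in compositor_stm_kill_timer_cb() in the next hunk) omits the target pid and relies on `%m`, so the log does not say which process the signal was aimed at, and the text is only right if errno still holds kill()'s value when the message is formatted. Whether mce_log() preserves errno is not visible here; capturing it first is safer, e.g. `int err = errno;` and then `mce_log(LL_WARN, "could not SIGXCPU compositor pid %d: %s", (int)self->csi_service_pid, strerror(err));`. With CAP_KILL granted by this commit, EPERM no longer shields an unrelated process if csi_service_pid is stale, so it is worth confirming outside these hunks that the pid is invalidated as soon as the compositor exits or is replaced. Both function bodies start and end outside the hunks.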
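Review bot: `CAP_SYS_PTRACE` and `CAP_KILL` are added to `CapabilityBoundingSet=` unconditionally, although the commit message describes the compositor killer as a devel-flavor feature, so every build of this unit now permits mce to hold capabilities that reach arbitrary processes. If the feature really is devel-only, consider supplying the wider set from a devel-only drop-in and keeping the base unit at the original three capabilities. At minimum the line deserves a comment recording why each one is present, e.g. `# CAP_SYS_PTRACE: debugger detection; CAP_KILL: signalling unresponsive compositor`, so a later hardening pass can tell what may be dropped.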