diff options
| author | Lennart Poettering <lennart@poettering.net> | 2012-05-29 23:33:38 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2012-05-29 23:35:17 +0200 |
| commit | 939b8f14dcd9312140d001b55b4e7a87173682ef (patch) | |
| tree | bd67229d635bdff07e0a6b8e3da90d82eb00bd70 /src/core/main.c | |
| parent | 9246319f1fd9625a4a43883ae660ecd5ae41423a (diff) | |
capabilities: when dropping capabilities system-wide also drop them from usermode helpers
This hooks things up with /proc/sys/kernel/usermodehelper/bset and
/proc/sys/kernel/usermodehelper/inheritable.
Diffstat (limited to 'src/core/main.c')
| -rw-r--r-- | src/core/main.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/core/main.c b/src/core/main.c index 9248c388a4..4c3ee7d5a2 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1493,6 +1493,11 @@ int main(int argc, char *argv[]) { log_error("Failed to drop capability bounding set: %s", strerror(-r)); goto finish; } + r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop); + if (r < 0) { + log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r)); + goto finish; + } } r = manager_new(arg_running_as, &m); |