capabilities: when dropping capabilities system-wide also drop them from usermode helpers

This hooks things up with /proc/sys/kernel/usermodehelper/bset and /proc/sys/kernel/usermodehelper/inheritable.
author: Lennart Poettering <lennart@poettering.net> 2012-05-29 23:33:38 +0200
committer: Lennart Poettering <lennart@poettering.net> 2012-05-29 23:35:17 +0200
commit: 939b8f14dcd9312140d001b55b4e7a87173682ef (patch)
tree: bd67229d635bdff07e0a6b8e3da90d82eb00bd70 /src/core
parent: 9246319f1fd9625a4a43883ae660ecd5ae41423a (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/core/main.c b/src/core/main.c
index 9248c388a4..4c3ee7d5a2 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1493,6 +1493,11 @@ int main(int argc, char *argv[]) {
                         log_error("Failed to drop capability bounding set: %s", strerror(-r));
                         goto finish;
                 }
+                r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
+                if (r < 0) {
+                        log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
+                        goto finish;
+                }
         }
 
         r = manager_new(arg_running_as, &m);
author	Lennart Poettering <lennart@poettering.net>	2012-05-29 23:33:38 +0200
committer	Lennart Poettering <lennart@poettering.net>	2012-05-29 23:35:17 +0200
commit	939b8f14dcd9312140d001b55b4e7a87173682ef (patch)
tree	bd67229d635bdff07e0a6b8e3da90d82eb00bd70 /src/core
parent	9246319f1fd9625a4a43883ae660ecd5ae41423a (diff)