-
Lennart Poettering authored
When we drop capabilities we shouldn't assume we can keep CAP_AUDIT_WRITE unconditionally, since it will not be available when running in containers. This patch only adds CAP_AUDIT_WRITE to the list of caps we keep if we actually have it in the first place. This makes audit/selinux enabled D-Bus work in a Linux container. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=49062 Acked-by: Thiago Macieira <thiago@kde.org> Acked-by: Colin Walters <walters@verbum.org> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2cf320fc