Commit 03ab0104 authored by Steve Grubb's avatar Steve Grubb Committed by Colin Walters

capng: Drop supplemental groups when switching to daemon user

This patch ensures the daemon process doesn't inherit any supplemental
groups for the root user from an administrator login via an init
script.

This is only an issue for pre-systemd systems.

https://bugzilla.redhat.com/show_bug.cgi?id=726953
parent 4b78d66d
......@@ -1055,7 +1055,7 @@ _dbus_change_to_daemon_user (const char *user,
capng_clear (CAPNG_SELECT_BOTH);
capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
CAP_AUDIT_WRITE);
rc = capng_change_id (uid, gid, 0);
rc = capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP);
if (rc)
{
switch (rc) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment