fdo-mirrors/dbus
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/dbus/dbus.git synced 2026-05-05 04:08:12 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

capng: Drop supplemental groups when switching to daemon user

Browse source 
This patch ensures the daemon process doesn't inherit any supplemental
groups for the root user from an administrator login via an init
script.

This is only an issue for pre-systemd systems.

https://bugzilla.redhat.com/show_bug.cgi?id=726953
This commit is contained in:
Steve Grubb 2011-08-01 14:28:27 -04:00 committed by Simon McVittie
parent 93731e6c9c
commit 70fb675a10
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
bus/selinux.c
View file

@ -1055,7 +1055,7 @@ _dbus_change_to_daemon_user (const char *user,
capng_clear (CAPNG_SELECT_BOTH);
capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
CAP_AUDIT_WRITE);
rc = capng_change_id (uid, gid, 0);
rc = capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP);
if (rc)
{
switch (rc) {