diff options
author | Steve Grubb <sgrubb@redhat.com> | 2011-08-01 14:28:27 -0400 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2011-08-01 14:28:27 -0400 |
commit | 03ab0104abd18f1d137eac9a02a18fafeacd736c (patch) | |
tree | 73131d0f1cef92fba6281e608b3604bc5d2850f3 /bus/selinux.c | |
parent | 4b78d66da86801acdb5044a82dce5f1422f06cd3 (diff) | |
download | dbus-03ab0104abd18f1d137eac9a02a18fafeacd736c.tar.gz |
capng: Drop supplemental groups when switching to daemon user
This patch ensures the daemon process doesn't inherit any supplemental
groups for the root user from an administrator login via an init
script.
This is only an issue for pre-systemd systems.
https://bugzilla.redhat.com/show_bug.cgi?id=726953
Diffstat (limited to 'bus/selinux.c')
-rw-r--r-- | bus/selinux.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bus/selinux.c b/bus/selinux.c index e94d8a8e..36287e9f 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -1055,7 +1055,7 @@ _dbus_change_to_daemon_user (const char *user, capng_clear (CAPNG_SELECT_BOTH); capng_update (CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_AUDIT_WRITE); - rc = capng_change_id (uid, gid, 0); + rc = capng_change_id (uid, gid, CAPNG_DROP_SUPP_GRP); if (rc) { switch (rc) { |