core: drop ambient capabilities in user manager

Ambient capabilities should not be passed implicitly to user services. Dropping them does not affect the permitted and effective sets which are important for the manager itself to operate.
author: Łukasz Stelmach <l.stelmach@samsung.com> 2022-07-12 13:57:32 +0200
committer: Lennart Poettering <lennart@poettering.net> 2022-07-15 15:35:22 +0200
commit: 963b6b906e5666876f5c90b47600b13ae94d5e4c (patch)
tree: 4766add1e5818020f1f8065252021f7f048c8ee1 /src
parent: d8e4960bf17937f8306bfd18cc29dad7a14041cb (diff)
download: systemd-963b6b906e5666876f5c90b47600b13ae94d5e4c.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/src/core/main.c b/src/core/main.c
index 72d86d3efd..55f5481eb2 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2825,6 +2825,11 @@ int main(int argc, char *argv[]) {
                 /* clear the kernel timestamp, because we are not PID 1 */
                 kernel_timestamp = DUAL_TIMESTAMP_NULL;
 
+                /* Clear ambient capabilities, so services do not inherit them implicitly. Dropping them does
+                 * not affect the permitted and effective sets which are important for the manager itself to
+                 * operate. */
+                capability_ambient_set_apply(0, /* also_inherit= */ false);
+
                 if (mac_selinux_init() < 0) {
                         error_message = "Failed to initialize SELinux support";
                         goto finish;
author	Łukasz Stelmach <l.stelmach@samsung.com>	2022-07-12 13:57:32 +0200
committer	Lennart Poettering <lennart@poettering.net>	2022-07-15 15:35:22 +0200
commit	963b6b906e5666876f5c90b47600b13ae94d5e4c (patch)
tree	4766add1e5818020f1f8065252021f7f048c8ee1 /src
parent	d8e4960bf17937f8306bfd18cc29dad7a14041cb (diff)
download	systemd-963b6b906e5666876f5c90b47600b13ae94d5e4c.tar.gz