Disable securebits again to avoid spawned programs unexpectedly retaining capabilities after a UID/GID change
This commit is contained in:
parent
317555b687
commit
d10c9fb90d
10
user.cc
10
user.cc
@ -276,6 +276,16 @@ bool initNsFromChild(nsjconf_t* nsjconf) {
|
||||
return false;
|
||||
}
|
||||
|
||||
/*
|
||||
* Disable securebits again to avoid spawned programs
|
||||
* unexpectedly retaining capabilities after a UID/GID
|
||||
* change.
|
||||
*/
|
||||
if (prctl(PR_SET_SECUREBITS, 0UL, 0UL, 0UL, 0UL) == -1) {
|
||||
PLOG_E("prctl(PR_SET_SECUREBITS, 0)");
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user