[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 60/73] Use correct capng calls in newrole



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   This patch looks good to me. acked.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9x3r4ACgkQrlYvE4MpobMT5gCgkA3hLAzYxkrrmNbNTMBZzcj2
DacAn2FRPwHynwIY0gOctBATh3iuAzuG
=Ylwd
-----END PGP SIGNATURE-----
>From e3dedc634d0b2ab52aa93c1a27b248d34b31e066 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Fri, 16 Mar 2012 09:40:27 -0400
Subject: [PATCH 60/73] Use correct capng calls in newrole

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 policycoreutils/newrole/newrole.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index 19e20a8..989817b 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -546,6 +546,7 @@ static int drop_capabilities(int full)
 	uid_t uid = getuid();
 	if (!uid) return 0;
 
+	capng_setpid(getpid());
 	capng_clear(CAPNG_SELECT_BOTH);
 	if (capng_lock() < 0) 
 		return -1;
@@ -575,6 +576,7 @@ static int drop_capabilities(int full)
  */
 static int drop_capabilities(int full)
 {
+	capng_setpid(getpid());
 	capng_clear(CAPNG_SELECT_BOTH);
 	if (capng_lock() < 0) 
 		return -1;
@@ -586,7 +588,7 @@ static int drop_capabilities(int full)
 		return -1;
 	}
 	if (! full) 
-		capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN | CAP_FOWNER | CAP_CHOWN | CAP_DAC_OVERRIDE | CAP_SETPCAP);
+		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN , CAP_FOWNER , CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_SETPCAP, -1);
 	return capng_apply(CAPNG_SELECT_BOTH);
 }
 
-- 
1.7.9.3


[Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Powered by Linux