diff options
author | startx2017 <vradu.startx@yandex.com> | 2017-09-05 08:35:21 -0400 |
---|---|---|
committer | startx2017 <vradu.startx@yandex.com> | 2017-09-05 08:35:21 -0400 |
commit | b3f3992bcc3c9e4d7bc876ec2460cdf1926263b6 (patch) | |
tree | 1385453b54f3d97cd23e5981736a4efe6e2c99ab /src | |
parent | Merge pull request #1526 from smitsohu/caps (diff) | |
download | firejail-b3f3992bcc3c9e4d7bc876ec2460cdf1926263b6.tar.gz firejail-b3f3992bcc3c9e4d7bc876ec2460cdf1926263b6.tar.zst firejail-b3f3992bcc3c9e4d7bc876ec2460cdf1926263b6.zip |
fix caps.keep/dac-overwrite
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/sandbox.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 8074fcd74..656942440 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -107,7 +107,9 @@ static void set_caps(void) { | |||
107 | caps_default_filter(); | 107 | caps_default_filter(); |
108 | 108 | ||
109 | // drop discretionary access control capabilities for root sandboxes | 109 | // drop discretionary access control capabilities for root sandboxes |
110 | caps_drop_dac_override(); | 110 | // if caps.keep, the user has to set it manually in the list |
111 | if (!arg_caps_keep) | ||
112 | caps_drop_dac_override(); | ||
111 | } | 113 | } |
112 | 114 | ||
113 | void save_nogroups(void) { | 115 | void save_nogroups(void) { |