-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 4 |
2 files changed, 5 insertions, 1 deletions
@@ -411,6 +411,8 @@ smithsohu (https://github.com/smitsohu) | |||
411 | - fixed device discovery for simple-scan | 411 | - fixed device discovery for simple-scan |
412 | - add novideo support in many profiles | 412 | - add novideo support in many profiles |
413 | - improve server profiles, harden musescore | 413 | - improve server profiles, harden musescore |
414 | - snap profile cleanup | ||
415 | - tighten some capability sets further | ||
414 | soredake (https://github.com/soredake) | 416 | soredake (https://github.com/soredake) |
415 | - fix steam startup with >=llvm-4 | 417 | - fix steam startup with >=llvm-4 |
416 | SpotComms (https://github.com/SpotComms) | 418 | SpotComms (https://github.com/SpotComms) |
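--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -107,7 +107,9 @@ static void set_caps(void) {
 caps_default_filter();
 
 // drop discretionary access control capabilities for root sandboxes
-caps_drop_dac_override();
+// if caps.keep, the user has to set it manually in the list
+if (!arg_caps_keep)
+caps_drop_dac_override();
 }
 
 void save_nogroups(void) {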
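Review bot: The added comment `// if caps.keep, the user has to set it manually in the list` does not say what "it" refers to or why the drop is skipped, and it sits directly under a comment that still promises the DAC capabilities are dropped for root sandboxes. I would merge the two into one statement of the rule, for example `// drop DAC capabilities for root sandboxes, except under caps.keep, where the keep list alone decides what is retained`. The new guard is only safe if the caps.keep branch earlier in set_caps() has already removed every capability not on the list; that code starts above the hunk, so it is worth confirming there that a failed or empty keep list cannot leave the DAC override capability in place.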