diff options
Diffstat (limited to 'src/firejail/join.c')
-rw-r--r-- | src/firejail/join.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/firejail/join.c b/src/firejail/join.c index b5b45a3bf..d7328a91b 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -242,6 +242,9 @@ void join(pid_t pid, int argc, char **argv, int index) { | |||
242 | if (child < 0) | 242 | if (child < 0) |
243 | errExit("fork"); | 243 | errExit("fork"); |
244 | if (child == 0) { | 244 | if (child == 0) { |
245 | // drop discretionary access control capabilities by default | ||
246 | caps_drop_dac_override(); | ||
247 | |||
245 | // chroot into /proc/PID/root directory | 248 | // chroot into /proc/PID/root directory |
246 | char *rootdir; | 249 | char *rootdir; |
247 | if (asprintf(&rootdir, "/proc/%d/root", pid) == -1) | 250 | if (asprintf(&rootdir, "/proc/%d/root", pid) == -1) |