diff options
Diffstat (limited to 'src/firejail/sandbox.c')
-rw-r--r-- | src/firejail/sandbox.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 8074fcd74..656942440 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -107,7 +107,9 @@ static void set_caps(void) { | |||
107 | caps_default_filter(); | 107 | caps_default_filter(); |
108 | 108 | ||
109 | // drop discretionary access control capabilities for root sandboxes | 109 | // drop discretionary access control capabilities for root sandboxes |
110 | caps_drop_dac_override(); | 110 | // if caps.keep, the user has to set it manually in the list |
111 | if (!arg_caps_keep) | ||
112 | caps_drop_dac_override(); | ||
111 | } | 113 | } |
112 | 114 | ||
113 | void save_nogroups(void) { | 115 | void save_nogroups(void) { |