diff options
| author |  Mykyta Holubakha <hilobakho@gmail.com> | 2017-01-12 04:35:09 +0200 |
|---|---|---|
| committer | Mykyta Holubakha <hilobakho@gmail.com> | 2017-01-12 04:35:09 +0200 |
| commit | d9ba61d7e91c5aceef1a6a736dc65f0594b9be2a (patch) | |
| tree | bcfca21ab99e7ad31f0805cc08a80b6c15c3d287 | |
| parent | Keep CAP_SYS_PTRACE with suid binary (diff) | |
| download | sway-d9ba61d7e91c5aceef1a6a736dc65f0594b9be2a.tar.gz sway-d9ba61d7e91c5aceef1a6a736dc65f0594b9be2a.tar.zst sway-d9ba61d7e91c5aceef1a6a736dc65f0594b9be2a.zip | |
Log capability dropping
| -rw-r--r-- | sway/main.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sway/main.c b/sway/main.c index 6c74aab2..7bf71b53 100644 --- a/sway/main.c +++ b/sway/main.c | |||
| @@ -331,6 +331,7 @@ int main(int argc, char **argv) { | |||
| 331 | // Drop every cap except CAP_SYS_PTRACE | 331 | // Drop every cap except CAP_SYS_PTRACE |
| 332 | cap_t caps = cap_init(); | 332 | cap_t caps = cap_init(); |
| 333 | cap_value_t keep = CAP_SYS_PTRACE; | 333 | cap_value_t keep = CAP_SYS_PTRACE; |
| 334 | sway_log(L_INFO, "Dropping extra capabilities"); | ||
| 334 | if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) || | 335 | if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) || |
| 335 | cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) || | 336 | cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) || |
| 336 | cap_set_proc(caps)) { | 337 | cap_set_proc(caps)) { |