diff options
author | Mykyta Holubakha <hilobakho@gmail.com> | 2017-01-12 04:35:09 +0200 |
---|---|---|
committer | Mykyta Holubakha <hilobakho@gmail.com> | 2017-01-12 04:35:09 +0200 |
commit | d9ba61d7e91c5aceef1a6a736dc65f0594b9be2a (patch) | |
tree | bcfca21ab99e7ad31f0805cc08a80b6c15c3d287 | |
parent | Keep CAP_SYS_PTRACE with suid binary (diff) | |
download | sway-d9ba61d7e91c5aceef1a6a736dc65f0594b9be2a.tar.gz sway-d9ba61d7e91c5aceef1a6a736dc65f0594b9be2a.tar.zst sway-d9ba61d7e91c5aceef1a6a736dc65f0594b9be2a.zip |
Log capability dropping
-rw-r--r-- | sway/main.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sway/main.c b/sway/main.c index 6c74aab2..7bf71b53 100644 --- a/sway/main.c +++ b/sway/main.c | |||
@@ -331,6 +331,7 @@ int main(int argc, char **argv) { | |||
331 | // Drop every cap except CAP_SYS_PTRACE | 331 | // Drop every cap except CAP_SYS_PTRACE |
332 | cap_t caps = cap_init(); | 332 | cap_t caps = cap_init(); |
333 | cap_value_t keep = CAP_SYS_PTRACE; | 333 | cap_value_t keep = CAP_SYS_PTRACE; |
334 | sway_log(L_INFO, "Dropping extra capabilities"); | ||
334 | if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) || | 335 | if (cap_set_flag(caps, CAP_PERMITTED, 1, &keep, CAP_SET) || |
335 | cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) || | 336 | cap_set_flag(caps, CAP_EFFECTIVE, 1, &keep, CAP_SET) || |
336 | cap_set_proc(caps)) { | 337 | cap_set_proc(caps)) { |