-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9x3eAACgkQrlYvE4MpobO0rwCcDJsMgaOQ/SN+8D0FpMnnZSBW 1t8AnAq1vQdHvxl4UpxCob1CKfKZPghY =Dzdr -----END PGP SIGNATURE-----
>From dd1e0738574afcf2e5ff8c7f9c86c158daae8434 Mon Sep 17 00:00:00 2001 From: Dan Walsh <dwalsh@xxxxxxxxxx> Date: Wed, 22 Feb 2012 15:55:39 -0500 Subject: [PATCH 54/73] policycoreutils: seunshare: Only drop caps not the Bounding Set from seunshare This means you can still run setuid programs, but don't need special perms to run seunshare. Signed-off-by: Eric Paris <eparis@xxxxxxxxxx> --- policycoreutils/sandbox/seunshare.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c index a084e0e..e15b2a5 100644 --- a/policycoreutils/sandbox/seunshare.c +++ b/policycoreutils/sandbox/seunshare.c @@ -58,7 +58,7 @@ static int verbose = 0; static int child = 0; -static capng_select_t cap_set = CAPNG_SELECT_BOTH; +static capng_select_t cap_set = CAPNG_SELECT_CAPS; /** * This function will drop all capabilities. -- 1.7.9.3
