-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch looks good to me. acked.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9x3r4ACgkQrlYvE4MpobMT5gCgkA3hLAzYxkrrmNbNTMBZzcj2
DacAn2FRPwHynwIY0gOctBATh3iuAzuG
=Ylwd
-----END PGP SIGNATURE-----
>From e3dedc634d0b2ab52aa93c1a27b248d34b31e066 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Fri, 16 Mar 2012 09:40:27 -0400
Subject: [PATCH 60/73] Use correct capng calls in newrole
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
policycoreutils/newrole/newrole.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index 19e20a8..989817b 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -546,6 +546,7 @@ static int drop_capabilities(int full)
uid_t uid = getuid();
if (!uid) return 0;
+ capng_setpid(getpid());
capng_clear(CAPNG_SELECT_BOTH);
if (capng_lock() < 0)
return -1;
@@ -575,6 +576,7 @@ static int drop_capabilities(int full)
*/
static int drop_capabilities(int full)
{
+ capng_setpid(getpid());
capng_clear(CAPNG_SELECT_BOTH);
if (capng_lock() < 0)
return -1;
@@ -586,7 +588,7 @@ static int drop_capabilities(int full)
return -1;
}
if (! full)
- capng_update(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN | CAP_FOWNER | CAP_CHOWN | CAP_DAC_OVERRIDE | CAP_SETPCAP);
+ capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED, CAP_SYS_ADMIN , CAP_FOWNER , CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_SETPCAP, -1);
return capng_apply(CAPNG_SELECT_BOTH);
}
--
1.7.9.3
