core: drop ambient capabilities in systemd-executor
Since the commit
963b6b906e ("core: drop ambient capabilities in
user manager") systemd running as the session manager has dropped ambient
capabilities retaining other sets allowing user services to be started
with elevated capabilities. This, worked fine until the introduction of
sd-executor. For a non-root process to be started with elevated
capabilities by a non-root parent it either needs file capabilities or
ambient capabilities in the parent process. Thus, systemd needs to allow
sd-executor to inherit its ambient capabilities and sd-executor should
drop them as systemd did before.
The ambient set is managed for both system and session managers, but
with the default set for PID#1 being empty, this code does not affect
operation of PID#1.
Change-Id: I79d2ea9519c574cf1be764b26ac62f1144fa16ca
Fixes:
bb5232b6a3 ("core: add systemd-executor binary")
Forwarded: https://github.com/systemd/systemd/pull/32937
projects / platform / upstream / systemd.git / commit