From: Robert Swiecki
Date: Mon, 1 Jul 2019 12:51:32 +0000 (+0200)
Subject: Disable securebits again to avoid spawned programs unexpectedly retaining capabilitie...
X-Git-Tag: 2.9~11
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d10c9fb90d7e82788c9a5e76f763a3ea695a8312;p=platform%2Fupstream%2Fnsjail.git
Disable securebits again to avoid spawned programs unexpectedly retaining capabilities after a UID/GID change
---
diff --git a/user.cc b/user.cc
index 3acf3a6..0af3e62 100644
--- a/user.cc
+++ b/user.cc
@@ -276,6 +276,16 @@ bool initNsFromChild(nsjconf_t* nsjconf) {
 return false;
 }
+ /*
+ * Disable securebits again to avoid spawned programs
+ * unexpectedly retaining capabilities after a UID/GID
+ * change.
+ */
+ if (prctl(PR_SET_SECUREBITS, 0UL, 0UL, 0UL, 0UL) == -1) {
+ PLOG_E("prctl(PR_SET_SECUREBITS, 0)");
+ return false;
+ }
+
 return true;
 }
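Review bot: `prctl(PR_SET_SECUREBITS, 0UL, ...)` overwrites the whole securebits word instead of clearing only the bits that were raised to survive the UID/GID change, so any unlocked bit inherited from the launching process (for example `SECBIT_NOROOT`) is cleared too, and the call fails with EPERM whenever a lock bit is already set. Reading the current value with `PR_GET_SECUREBITS` and masking off just the keep-caps bits would preserve inherited restrictions and still stop spawned programs from keeping capabilities across a later UID change. The code that raises the bits is outside this hunk, so the mask `SECBIT_KEEP_CAPS | SECBIT_NO_SETUID_FIXUP` used below is an assumption to confirm against that earlier call, which may have the same overwrite behaviour. The new comment would also read better if it named the bits being cleared. initNsFromChild starts above the hunk.

```cpp
    // … unchanged: UID/GID switch and its error handling above …
    int cur = prctl(PR_GET_SECUREBITS, 0UL, 0UL, 0UL, 0UL);
    if (cur == -1) {
        PLOG_E("prctl(PR_GET_SECUREBITS)");
        return false;
    }
    /* Clear only the bits raised for the UID/GID switch; keep inherited ones. */
    unsigned long bits = (unsigned long)cur & ~(unsigned long)(SECBIT_KEEP_CAPS | SECBIT_NO_SETUID_FIXUP);
    if (prctl(PR_SET_SECUREBITS, bits, 0UL, 0UL, 0UL) == -1) {
        PLOG_E("prctl(PR_SET_SECUREBITS)");
        return false;
    }
```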