-rw-r--r-- | src/core/execute.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index 2d0db6d3a6..694033e82c 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -4255,8 +4255,16 @@ static int exec_child(
                         }
                 }
 
-                /* This is done before enforce_user, but ambient set
-                 * does not survive over setresuid() if keep_caps is not set. */
+                /* Ambient capabilities are cleared during setresuid() (in enforce_user()) even with
+                 * keep-caps set.
+                 * To be able to raise the ambient capabilities after setresuid() they have to be
+                 * added to the inherited set and keep caps has to be set (done in enforce_user()).
+                 * After setresuid() the ambient capabilities can be raised as they are present in
+                 * the permitted and inhertiable set. However it is possible that someone wants to
+                 * set ambient capabilities without changing the user, so we also set the ambient
+                 * capabilities here.
+                 * The requested ambient capabilities are raised in the inheritable set if the
+                 * second argument is true. */
                 if (!needs_ambient_hack) {
                         r = capability_ambient_set_apply(context->capability_ambient_set, true);
                         if (r < 0) {
@@ -4282,21 +4290,12 @@ static int exec_child(
                 if (!needs_ambient_hack &&
                     context->capability_ambient_set != 0) {
 
-                        /* Fix the ambient capabilities after user change. */
+                        /* Raise the ambient capabilities after user change. */
                         r = capability_ambient_set_apply(context->capability_ambient_set, false);
                         if (r < 0) {
                                 *exit_status = EXIT_CAPABILITIES;
                                 return log_unit_error_errno(unit, r, "Failed to apply ambient capabilities (after UID change): %m");
                         }
-
-                        /* If we were asked to change user and ambient capabilities
-                         * were requested, we had to add keep-caps to the securebits
-                         * so that we would maintain the inherited capability set
-                         * through the setresuid(). Make sure that the bit is added
-                         * also to the context secure_bits so that we don't try to
-                         * drop the bit away next. */
-
-                        secure_bits |= 1<<SECURE_KEEP_CAPS;
                 }
         }
 }
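Review bot: The new comment block misspells "inheritable" as "inhertiable" in the added line `* the permitted and inhertiable set.`; fix the typo. The closing sentences also document capability_ambient_set_apply() by argument position ("if the second argument is true"), which will silently go stale if that signature ever changes; describe what this call site does instead, e.g. `/* Raise the ambient set now, and also add it to the inheritable set so it survives the coming setresuid(). */`. exec_child() starts and ends outside this hunk.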
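Review bot: The deletion of `secure_bits |= 1<<SECURE_KEEP_CAPS;` at the end of this hunk is left unexplained in the new code, even though the removed comment documented why it was there. Keep-caps is needed only so that the permitted set carries across setresuid(); once the ambient set has been re-raised here it serves no purpose, and a later securebits update (presumably the prctl(PR_SET_SECUREBITS) further down, outside this hunk) clearing it is harmless, not least because the kernel drops keep-caps on execve() anyway. That reasoning should be recorded next to the second capability_ambient_set_apply() call, e.g. `/* Keep-caps was only needed to carry the permitted set across setresuid(); now that the ambient set is raised it may be dropped by the securebits update below. */`. exec_child() starts and ends outside this hunk.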