#2482 Use libcap-ng to drop privileges but retain capabilities
Opened 5 years ago by jhrozek. Modified 2 years ago

Once we need to not only drop privileges but also retain some capability (CAP_AUDIT comes to mind), we'll need to use something like libcap-ng instead of handling capabilities ourselves with prctl. Attached is a patch i wrote when working on the rootless sssd.

Fields changed

rhbz: => 0

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD Patches welcome

2 years ago

Login to comment on this ticket.