policycoreutils: seunshare: Only drop caps not the Bounding Set from seunshare This means you can still run setuid programs, but don't need special perms to run seunshare. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>

commit: 1f0b5bd920c8c43afb215b7455a9691198bd3a51 [log] [tgz]
author: Dan Walsh <dwalsh@redhat.com> Wed Feb 22 15:55:39 2012 -0500
committer: Eric Paris <eparis@redhat.com> Wed Mar 28 14:52:13 2012 -0400
tree: 23e60ee263e092a19a42c4242245141749a01094
parent: 5766295bb2ad45c85a1cc489f220dde07074b737 [diff]
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
index a084e0e..e15b2a5 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c

@@ -58,7 +58,7 @@
 static int verbose = 0;
 static int child = 0;
 
-static capng_select_t cap_set = CAPNG_SELECT_BOTH;
+static capng_select_t cap_set = CAPNG_SELECT_CAPS;
 
 /**
  * This function will drop all capabilities.
commit	1f0b5bd920c8c43afb215b7455a9691198bd3a51	[log] [tgz]
author	Dan Walsh <dwalsh@redhat.com>	Wed Feb 22 15:55:39 2012 -0500
committer	Eric Paris <eparis@redhat.com>	Wed Mar 28 14:52:13 2012 -0400
tree	23e60ee263e092a19a42c4242245141749a01094
parent	5766295bb2ad45c85a1cc489f220dde07074b737 [diff]