capabilities: when dropping capabilities system-wide also drop them from usermode...

[elogind.git] / src / core / main.c

diff --git a/src/core/main.c b/src/core/main.c
index 9248c388a4dc4ba7741936e7b4c3c07558f1fdf4..4c3ee7d5a2e240cd1ad42f1612a271f5dfa1146d 100644 (file)
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1493,6 +1493,11 @@ int main(int argc, char *argv[]) {
                         log_error("Failed to drop capability bounding set: %s", strerror(-r));
                         goto finish;
                 }
                         log_error("Failed to drop capability bounding set: %s", strerror(-r));
                         goto finish;
                 }

+                r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
+                if (r < 0) {
+                        log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
+                        goto finish;
+                }

         }
 
         r = manager_new(arg_running_as, &m);
         }
 
         r = manager_new(arg_running_as, &m);