From 40bbe2539b9c051843cd9b6245f0c2b7225365d4 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue, 6 Jan 2015 11:17:47 +0100
Subject: [PATCH] sys: keep cap_net_bind_service capability

This will be needed to allow opening of NTP server socket after root
privileges are dropped.
---
 sys_linux.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys_linux.c b/sys_linux.c
index 42891f5..29e8aa4 100644
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -397,7 +397,7 @@ SYS_Linux_DropRoot(char *user)
     LOG_FATAL(LOGF_SysLinux, "setuid(%d) failed", pw->pw_uid);
   }
 
-  if ((cap = cap_from_text("cap_sys_time=ep")) == NULL) {
+  if ((cap = cap_from_text("cap_net_bind_service,cap_sys_time=ep")) == NULL) {
     LOG_FATAL(LOGF_SysLinux, "cap_from_text() failed");
   }