DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 16:55:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

sys_linux: don't keep CAP_SYS_TIME with -x option

Browse Source 
When dropping the root privileges, don't try to keep the CAP_SYS_TIME
capability if the -x option was enabled. This allows chronyd to be
started without the capability (e.g. in containers) and also drop the
root privileges.
This commit is contained in:
Miroslav Lichvar
2018-02-05 14:00:05 +01:00
parent b1647dbcb7
commit e8096330be
3 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
sys_linux.h
View File

@@ -31,7 +31,7 @@ extern void SYS_Linux_Initialise(void);
extern void SYS_Linux_Finalise(void);
extern void SYS_Linux_DropRoot(uid_t uid, gid_t gid);
extern void SYS_Linux_DropRoot(uid_t uid, gid_t gid, int clock_control);
extern void SYS_Linux_EnableSystemCallFilter(int level);