sys: keep cap_net_bind_service capability

This will be needed to allow opening of NTP server socket after root
privileges are dropped.

diff --git a/sys_linux.c b/sys_linux.c
index 42891f5c1c09b2d67e50f001c90f8a4099661ed2..29e8aa412e88985cdc21b4f7756f7e8569cc16b2 100644 (file)
--- a/sys_linux.c
+++ b/sys_linux.c
@@ -397,7 +397,7 @@ SYS_Linux_DropRoot(char *user)
     LOG_FATAL(LOGF_SysLinux, "setuid(%d) failed", pw->pw_uid);
   }
 
-  if ((cap = cap_from_text("cap_sys_time=ep")) == NULL) {
+  if ((cap = cap_from_text("cap_net_bind_service,cap_sys_time=ep")) == NULL) {
     LOG_FATAL(LOGF_SysLinux, "cap_from_text() failed");
   }