From: Steve Mokris <steve@kosada.com>
Date: Thu, 12 May 2022 22:31:19 +0000 (-0400)
Subject: master: Allow child processes to setgroups()
X-Git-Tag: 2.4.0~2586
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88a558776a10c7b3bef9fcb60126418cda3681e2;p=thirdparty%2Fdovecot%2Fcore.git

master: Allow child processes to setgroups()

Grant master process capabilities to children, so the children
can drop root privileges. This is enforced more strictly
by some kernels than others.
---

diff --git a/src/master/capabilities-posix.c b/src/master/capabilities-posix.c
index 666b07214e..7763f1ae19 100644
--- a/src/master/capabilities-posix.c
+++ b/src/master/capabilities-posix.c
@@ -28,6 +28,8 @@ void drop_capabilities(void)
 		     N_ELEMENTS(suidcaps), suidcaps, CAP_SET);
 	cap_set_flag(caps, CAP_EFFECTIVE,
 		     N_ELEMENTS(suidcaps), suidcaps, CAP_SET);
+	cap_set_flag(caps, CAP_INHERITABLE,
+		     N_ELEMENTS(suidcaps), suidcaps, CAP_SET);
 	cap_set_proc(caps);
 	cap_free(caps);
 }