From: Łukasz Stelmach
Date: Tue, 12 Jul 2022 11:57:32 +0000 (+0200)
Subject: core: drop ambient capabilities in user manager
X-Git-Tag: v252-rc1~632
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=963b6b906e5666876f5c90b47600b13ae94d5e4c;p=thirdparty%2Fsystemd.git

core: drop ambient capabilities in user manager

Ambient capabilities should not be passed implicitly to user services. Dropping them does not affect the permitted and effective sets which are important for the manager itself to operate.

---
diff --git a/src/core/main.c b/src/core/main.c index 72d86d3efd0..55f5481eb23 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -2825,6 +2825,11 @@ int main(int argc, char *argv[]) { /* clear the kernel timestamp, because we are not PID 1 */ kernel_timestamp = DUAL_TIMESTAMP_NULL; + /* Clear ambient capabilities, so services do not inherit them implicitly. Dropping them does + * not affect the permitted and effective sets which are important for the manager itself to + * operate. */ + capability_ambient_set_apply(0, /* also_inherit= */ false); + if (mac_selinux_init() < 0) { error_message = "Failed to initialize SELinux support"; goto finish;
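
Review bot: the result of capability_ambient_set_apply() in the added lines of the @@ -2825,6 +2825,11 @@ hunk in src/core/main.c is discarded, while the mac_selinux_init() call directly below it is checked with < 0 and jumps to finish. If the call can fail, the user manager would carry on with its ambient set intact and user services would still inherit it, with nothing logged to show that the drop did not happen. Suggest either handling the error (log a warning, or set error_message and goto finish as the neighbouring call does) or, if failure is meant to be tolerated here, casting the call to (void) and saying so in the comment. The comment names the permitted and effective sets but not what also_inherit= false means for the inheritable set; a few words on that would make the intended end state of all the capability sets clear to the next reader.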