From a46fbe493eac2769a9d7ba98c7a8e078b346c8e0 Mon Sep 17 00:00:00 2001
From: Marcel Holtmann <marcel@holtmann.org>
Date: Wed, 27 Oct 2010 14:03:13 +0200
Subject: main: Enable active capability dropping

---
 src/main.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/main.c')

diff --git a/src/main.c b/src/main.c
index 33bfa0e2..93149bcf 100644
--- a/src/main.c
+++ b/src/main.c
@@ -138,6 +138,10 @@ int main(int argc, char **argv)
 
 #ifdef HAVE_CAPNG
 	/* Drop capabilities */
+	capng_clear(CAPNG_SELECT_BOTH);
+	capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
+				CAP_NET_BIND_SERVICE, CAP_NET_ADMIN, -1);
+	capng_apply(CAPNG_SELECT_BOTH);
 #endif
 
 	sigemptyset(&mask);
-- 
cgit v1.2.3