On 7/22/21 11:29 AM, Michal Privoznik wrote:
> After all capabilities were set (except for CAP_SETGID,
> CAP_SETUID and CAP_SETPCAP) and after UID:GID was changed we drop
> the last aforementioned capabilities (we couldn't drop them
> before because we needed UID:GID and capabilities change).
>
After all capabilities were set (except for CAP_SETGID,
CAP_SETUID and CAP_SETPCAP) and after UID:GID was changed we drop
the last aforementioned capabilities (we couldn't drop them
before because we needed UID:GID and capabilities change).
Therefore, there's final capng_apply() call. However,
