summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/kernel/task_identity.go
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/sentry/kernel/task_identity.go')
-rw-r--r--pkg/sentry/kernel/task_identity.go1
1 files changed, 1 insertions, 0 deletions
diff --git a/pkg/sentry/kernel/task_identity.go b/pkg/sentry/kernel/task_identity.go
index 8f90ed786..e105eba13 100644
--- a/pkg/sentry/kernel/task_identity.go
+++ b/pkg/sentry/kernel/task_identity.go
@@ -372,6 +372,7 @@ func (t *Task) DropBoundingCapability(cp linux.Capability) error {
if !t.creds.HasCapability(linux.CAP_SETPCAP) {
return syserror.EPERM
}
+ t.creds = t.creds.Fork() // See doc for creds.
t.creds.BoundingCaps &^= auth.CapabilitySetOf(cp)
return nil
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-26 12:24:30 +0000