Added cap_sys_nice to the capabilities that are not dropped

author: Klaus Schmidinger <vdr@tvdr.de> 2009-02-01 10:15:47 +0100
committer: Klaus Schmidinger <vdr@tvdr.de> 2009-02-01 10:15:47 +0100
commit: 6a6aac9dd37fa19db11adead264405313f795e23 (patch)
tree: 15b44ebe59a8858f1c30b4013175bcadba05bc1d /vdr.c
parent: 9a7473eaf3f1512dc213cafe563c6a9d1a6c974b (diff)
download: vdr-6a6aac9dd37fa19db11adead264405313f795e23.tar.gz
vdr-6a6aac9dd37fa19db11adead264405313f795e23.tar.bz2
1 files changed, 5 insertions, 5 deletions
diff --git a/vdr.c b/vdr.c
index 34ad856f..60fc11a1 100644
--- a/vdr.c
+++ b/vdr.c
@@ -22,7 +22,7 @@
  *
  * The project's page is at http://www.cadsoft.de/vdr
  *
- * $Id: vdr.c 2.4 2009/01/18 11:02:37 kls Exp $
+ * $Id: vdr.c 2.5 2009/02/01 10:13:48 kls Exp $
  */
 
 #include <getopt.h>
@@ -112,10 +112,10 @@ static bool SetUser(const char *UserName, bool UserDump)//XXX name?
   return true;
 }
 
-static bool SetCapSysTime(void)
+static bool DropCaps(void)
 {
-  // drop all capabilities except cap_sys_time
-  cap_t caps = cap_from_text("= cap_sys_time=ep");
+  // drop all capabilities except selected ones
+  cap_t caps = cap_from_text("= cap_sys_nice,cap_sys_time=ep");
   if (!caps) {
      fprintf(stderr, "vdr: cap_from_text failed: %s\n", strerror(errno));
      return false;
@@ -387,7 +387,7 @@ int main(int argc, char *argv[])
            return 2;
         if (!SetKeepCaps(false))
            return 2;
-        if (!SetCapSysTime())
+        if (!DropCaps())
            return 2;
         }
      }
author	Klaus Schmidinger <vdr@tvdr.de>	2009-02-01 10:15:47 +0100
committer	Klaus Schmidinger <vdr@tvdr.de>	2009-02-01 10:15:47 +0100
commit	6a6aac9dd37fa19db11adead264405313f795e23 (patch)
tree	15b44ebe59a8858f1c30b4013175bcadba05bc1d /vdr.c
parent	9a7473eaf3f1512dc213cafe563c6a9d1a6c974b (diff)
download	vdr-6a6aac9dd37fa19db11adead264405313f795e23.tar.gz vdr-6a6aac9dd37fa19db11adead264405313f795e23.tar.bz2