loolwsd: remove cap_sys_admin capabilityprivate/hcvcastro/bind-mount

author: Henry Castro <hcastro@collabora.com> 2015-12-10 07:47:33 -0400
committer: Henry Castro <hcastro@collabora.com> 2015-12-10 07:47:33 -0400
commit: 294422b5a038e6faa9c112c40bda93413196b244 (patch)
tree: 37c1ae27b09aadd18dc9d8ef27fc90e51aaa3394
parent: e68aef6bef404882ebbb734c515d8fee58f48395 (diff)
2 files changed, 2 insertions, 4 deletions
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index 8d8212175..6390f5f00 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -908,7 +908,6 @@ void LOOLWSD::componentMain()
         dropCapability(CAP_SYS_CHROOT);
         dropCapability(CAP_MKNOD);
         dropCapability(CAP_FOWNER);
-        dropCapability(CAP_SYS_ADMIN);
 #else
         dropCapability();
 #endif
@@ -1212,7 +1211,6 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/)
     dropCapability(CAP_SYS_CHROOT);
     dropCapability(CAP_MKNOD);
     dropCapability(CAP_FOWNER);
-    dropCapability(CAP_SYS_ADMIN);
 #else
     dropCapability();
 #endif
diff --git a/loolwsd/Makefile.am b/loolwsd/Makefile.am
index 62f24eec0..c1acb0640 100644
--- a/loolwsd/Makefile.am
+++ b/loolwsd/Makefile.am
@@ -36,8 +36,8 @@ clean-cache:
 all-local: loolwsd
 	if test "$$BUILDING_FROM_RPMBUILD" != yes; then \
 	    if test `uname -s` = Linux; then \
-		sudo @SETCAP@ cap_fowner,cap_mknod,cap_sys_admin,cap_sys_chroot=ep loolwsd; \
-    sudo @SETCAP@ cap_sys_admin=ep loolmount; \
+		sudo @SETCAP@ cap_fowner,cap_mknod,cap_sys_chroot=ep loolwsd; \
+		sudo @SETCAP@ cap_sys_admin=ep loolmount; \
 	    else \
 		sudo chown root loolwsd && sudo chmod u+s loolwsd; \
 	    fi; \
author	Henry Castro <hcastro@collabora.com>	2015-12-10 07:47:33 -0400
committer	Henry Castro <hcastro@collabora.com>	2015-12-10 07:47:33 -0400
commit	294422b5a038e6faa9c112c40bda93413196b244 (patch)
tree	37c1ae27b09aadd18dc9d8ef27fc90e51aaa3394
parent	e68aef6bef404882ebbb734c515d8fee58f48395 (diff)