libcap-ng/libcap-ng-0.6.3-setpcap.patch

diff -urp libcap-ng-0.6.2/src/cap-ng.c libcap-ng-0.6.3/src/cap-ng.c
--- libcap-ng-0.6.2/src/cap-ng.c	2009-09-23 17:31:00.000000000 -0400
+++ libcap-ng-0.6.3/src/cap-ng.c	2009-10-09 08:59:01.000000000 -0400
@@ -549,8 +549,9 @@ int capng_change_id(int uid, int gid, ca
 
 	// Check the current capabilities
 #ifdef PR_CAPBSET_DROP
-	// If newer kernel, we need setpcap
-	if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP) == 0)
+	// If newer kernel, we need setpcap to change the bounding set
+	if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP) == 0 && 
+					flag & CAPNG_CLEAR_BOUNDING)
 		capng_update(CAPNG_ADD,
 				CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETPCAP);
 #endif
- Use global macro and require pkgconfig for devel subpackage 2010-02-16 15:50:54 +00:00			`diff -urp libcap-ng-0.6.2/src/cap-ng.c libcap-ng-0.6.3/src/cap-ng.c`
			`--- libcap-ng-0.6.2/src/cap-ng.c 2009-09-23 17:31:00.000000000 -0400`
			`+++ libcap-ng-0.6.3/src/cap-ng.c 2009-10-09 08:59:01.000000000 -0400`
			`@@ -549,8 +549,9 @@ int capng_change_id(int uid, int gid, ca`

			`// Check the current capabilities`
			`#ifdef PR_CAPBSET_DROP`
			`- // If newer kernel, we need setpcap`
			`- if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP) == 0)`
			`+ // If newer kernel, we need setpcap to change the bounding set`
			`+ if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP) == 0 &&`
			`+ flag & CAPNG_CLEAR_BOUNDING)`
			`capng_update(CAPNG_ADD,`
			`CAPNG_EFFECTIVE\|CAPNG_PERMITTED, CAP_SETPCAP);`
			`#endif`