Update libcap-ng capability handling v2 (!34) · Merge requests · GNOME / gnome-keyring

Steven Grubb requested to merge sgrubb/gnome-keyring:libcap-ng-update into master Nov 20, 2020

There is a change in libcap-ng-0.8.1 that causes gnome-keyring to not work correctly. The capng_apply function now returns an error if it cannot change the bounding set. Previously this was ignored. Which means now gnome-keyring exits when it shouldn't.

The new patch adds troubleshooting info to the error messages. And it checks to see if we have CAP_SETPCAP. If we do not, then we cannot change the bounding set and just set capabilities. On the setuid side, it now drops the bounding set and clears any supplemental groups that may be left over as an accident.

Update libcap-ng capability handling v2

Merge request reports