From da54228cd9e6fe144efcb2d6da87e3cbb5db5b4c Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Thu, 1 Apr 2010 15:28:57 -0400 Subject: mount.cifs: drop capabilities if libcap is available Might as well be as safe as possible. Have child drop all capabilities, and have the parent drop all but CAP_SYS_ADMIN (needed for mounting) and CAP_DAC_OVERRIDE (needed in case mtab isn't writable by root). We might even eventually consider being clever and dropping CAP_DAC_OVERRIDE when root has access to the mtab. Signed-off-by: Jeff Layton --- configure.ac | 3 +++ 1 file changed, 3 insertions(+) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 9f00bea..46a5848 100644 --- a/configure.ac +++ b/configure.ac @@ -5,6 +5,7 @@ AC_INIT([cifs-utils], [4.1], [jlayton@samba.org], [cifs-utils], [http://samba.or AC_CONFIG_SRCDIR([replace.h]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_FILES([Makefile]) +AC_CONFIG_MACRO_DIR(aclocal) AM_INIT_AUTOMAKE @@ -80,4 +81,6 @@ fi AM_CONDITIONAL(CONFIG_CIFSUPCALL, [test "$enable_cifsupcall" != "no"]) +AC_LIBCAP + AC_OUTPUT -- cgit v1.2.3