Displaying 1 result from an estimated 1 matches for "setgit".
2016 Jul 20
[Bug 2600] New: Use Linux capabilities to revoke additional permissions from chrooted users
...bug #2482, reported some time ago
and it is attempting to resolve the old chicken-and-egg problem with chroot (in
combination with SELinux), but it can also make sense for normal
Linux to drop additional privileges earlier (or in other parts of
the code).
With SELinux, we can avoid giving out setuid, setgit capabilities to
the very limited SELinux users, which is very desirable (we can't switch
SELinux context in chroot, so we had to have these permissions to drop
uid and gid).
The new behavior drops all capabilities (except SYS_CHROOT) before
chroot and the SYS_CHROOT capability just after it. E...