forked from mirrors/nixpkgs
2d6247a414
From gkd-capability.c: This program needs the CAP_IPC_LOCK posix capability. We want to allow either setuid root or file system based capabilies to work. If file system based capabilities, this is a no-op unless the root user is running the program. In that case we just drop capabilities down to IPC_LOCK. If we are setuid root, then change to the invoking user retaining just the IPC_LOCK capability. The application is aborted if for any reason we are unable to drop privileges. |
||
---|---|---|
.. | ||
default.nix |