From c88309d5cd69d9997cfb74a77e340783a7ac63a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Stelmach?=
Date: Tue, 12 Jul 2022 13:57:32 +0200
Subject: [PATCH] core: drop ambient capabilities in user manager

Ambient capabilities should not be passed implicitly to user services. Dropping them does not affect the permitted and effective sets which are important for the manager itself to operate.

(cherry picked from commit 963b6b906e5666876f5c90b47600b13ae94d5e4c)
---
 src/core/main.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/core/main.c b/src/core/main.c
index 0cf2df6fab..69d450a87e 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2806,6 +2806,11 @@ int main(int argc, char *argv[]) {
 /* clear the kernel timestamp, because we are not PID 1 */
 kernel_timestamp = DUAL_TIMESTAMP_NULL;
 
+ /* Clear ambient capabilities, so services do not inherit them implicitly. Dropping them does
+ * not affect the permitted and effective sets which are important for the manager itself to
+ * operate. */
+ capability_ambient_set_apply(0, /* also_inherit= */ false);
+
 if (mac_selinux_init() < 0) {
 error_message = "Failed to initialize SELinux support";
 goto finish;
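Review bot: The return value of the added `capability_ambient_set_apply(0, /* also_inherit= */ false);` call is discarded, so a failure to clear the ambient set (presumably possible where the underlying prctl is unavailable or filtered) is invisible, and user services would keep inheriting ambient capabilities, which is exactly what this change intends to prevent. The failure should at least be logged so it can be diagnosed: `r = capability_ambient_set_apply(0, /* also_inherit= */ false);` / `if (r < 0)` / `log_warning_errno(r, "Failed to clear ambient capability set, ignoring: %m");`. If silently ignoring the result is the intent, the tree's convention is an explicit `(void)` cast on the call rather than a bare discarded return. main() starts and ends outside the hunk, so whether an `int r` is already declared in scope is not visible here.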