From ae28e7c8b1c93c574081af79c54c02a4e916d3d8 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Tue, 25 Dec 2012 17:22:29 +0100
Subject: Remove capability locking feature

This isn't our job, so there is no reason to support this.
---
 src/capabilities.c | 14 --------------
 1 file changed, 14 deletions(-)

(limited to 'src/capabilities.c')

diff --git a/src/capabilities.c b/src/capabilities.c
index 415cce6..5ad2e45 100644
--- a/src/capabilities.c
+++ b/src/capabilities.c
@@ -72,17 +72,6 @@ void fastd_cap_init(fastd_context_t *ctx) {
 	try_cap(ctx, CAP_NET_RAW);
 }
 
-void fastd_cap_lock(fastd_context_t *ctx) {
-	if (prctl(PR_SET_SECUREBITS,
-		  SECBIT_KEEP_CAPS_LOCKED |
-		  SECBIT_NO_SETUID_FIXUP |
-		  SECBIT_NO_SETUID_FIXUP_LOCKED |
-		  SECBIT_NOROOT |
-		  SECBIT_NOROOT_LOCKED) < 0) {
-		pr_debug_errno(ctx, "prctl");
-	}
-}
-
 void fastd_cap_drop(fastd_context_t *ctx) {
 	cap_t caps = cap_init();
 
@@ -103,9 +92,6 @@ void fastd_cap_drop(fastd_context_t *ctx) {
 void fastd_cap_init(fastd_context_t *ctx) {
 }
 
-void fastd_cap_lock(fastd_context_t *ctx) {
-}
-
 void fastd_cap_drop(fastd_context_t *ctx) {
 }
 
-- 
cgit v1.2.3