systemd-resolved fails to start: Failed to drop capabilities: Operation not permitted

Broken in f11943c53ec181829a821c6b27acf828bab71caa.

Drop all capabilities:

1. prctl(PR_SET_KEEPCAPS, keep_capabilities != 0) // 0 when we drop all capabilities
2. setresuid() // bye bye capabilities
3. Add CAP_SETPCAP // fails because we have no capabilities
4. Reduce capability bounding set
5. Drop capabilities
6. prctl(PR_SET_KEEPCAPS, 0)

Capabilities should always be kept after setresuid() so that the capability bounding set can be reduced.

--- a/src/shared/capability.c
+++ b/src/shared/capability.c
@@ -249,7 +249,7 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
 return log_error_errno(errno, "Failed to drop auxiliary groups list: %m");
 /* Ensure we keep the permitted caps across the setresuid(), if we need them */
- if (prctl(PR_SET_KEEPCAPS, keep_capabilities != 0) < 0)
+ if (prctl(PR_SET_KEEPCAPS, 1) < 0)
 return log_error_errno(errno, "Failed to enable keep capabilities flag: %m");
 r = setresuid(uid, uid, uid);
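Review bot: the comment directly above the changed line still says "if we need them", but the new prctl(PR_SET_KEEPCAPS, 1) is unconditional, so the comment should now say the permitted set is always kept across setresuid() (it is needed even when keep_capabilities == 0, because CAP_SETPCAP must be re-raised before the bounding set can be reduced). Since the flag is now set to 1 for every caller, the matching prctl(PR_SET_KEEPCAPS, 0) at the end of drop_privileges() must also run on every path; any branch that skips it leaves the keep-caps flag set for the rest of the process.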
Should be fixed in http://cgit.freedesktop.org/systemd/systemd/commit/?id=51ddf61540. I made a slightly more extensive patch, since your patch actually left the process with PR_SET_KEEPCAPS set to 1.
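The six-step sequence from the report, with the two changes the thread settles on (keep the permitted set across setresuid() unconditionally, then clear PR_SET_KEEPCAPS again at the end), as an added C example. This is not systemd's capability.c: it uses raw prctl(2) and capset(2) calls instead of libcap, and the function and helper names (drop_privileges_example, set_caps, bounding_set_drops, caps_to_user_data) as well as the demo uid/gid 65534 and CAP_NET_BIND_SERVICE in main are constructed for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Split 64-bit capability masks into the two 32-bit words capset(2) expects
 * (pure helper, testable without privileges). */
static void caps_to_user_data(uint64_t permitted, uint64_t effective,
                              struct __user_cap_data_struct d[2]) {
    d[0].permitted   = (uint32_t)(permitted & 0xffffffffu);
    d[1].permitted   = (uint32_t)(permitted >> 32);
    d[0].effective   = (uint32_t)(effective & 0xffffffffu);
    d[1].effective   = (uint32_t)(effective >> 32);
    d[0].inheritable = 0;
    d[1].inheritable = 0;
}

/* Raw capset(2) so the example has no libcap dependency. Returns -errno on failure. */
static int set_caps(uint64_t permitted, uint64_t effective) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    caps_to_user_data(permitted, effective, data);
    return syscall(SYS_capset, &hdr, data) < 0 ? -errno : 0;
}

/* Every capability the headers know about that is not in the keep mask (pure helper). */
static uint64_t bounding_set_drops(uint64_t keep) {
    uint64_t all = (CAP_LAST_CAP >= 63) ? UINT64_MAX
                                        : ((UINT64_C(1) << (CAP_LAST_CAP + 1)) - 1);
    return all & ~keep;
}

/* Hypothetical counterpart of drop_privileges(): the ordering from the bug report. */
int drop_privileges_example(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
    const uint64_t setpcap = UINT64_C(1) << CAP_SETPCAP;
    int r;

    /* 1. Keep the permitted set across the uid change, unconditionally: even when
     *    keep_capabilities == 0 we still need CAP_SETPCAP afterwards for step 4. */
    if (prctl(PR_SET_KEEPCAPS, 1) < 0)
        return -errno;

    /* 2. Change ids. The kernel clears the effective set here; the permitted set
     *    survives only because of step 1. */
    if (setresgid(gid, gid, gid) < 0 || setresuid(uid, uid, uid) < 0)
        return -errno;

    /* 3. Re-raise CAP_SETPCAP in the effective set; shrinking the bounding set needs it. */
    if ((r = set_caps(keep_capabilities | setpcap, setpcap)) < 0)
        return r;

    /* 4. Reduce the bounding set to what we keep. EINVAL means the running kernel does
     *    not know a capability our headers list, which is harmless to skip. */
    uint64_t drop = bounding_set_drops(keep_capabilities);
    for (unsigned cap = 0; cap <= CAP_LAST_CAP; cap++)
        if (((drop >> cap) & 1) && prctl(PR_CAPBSET_DROP, cap) < 0 && errno != EINVAL)
            return -errno;

    /* 5. Install the final set: permitted == effective == keep_capabilities, CAP_SETPCAP gone. */
    if ((r = set_caps(keep_capabilities, keep_capabilities)) < 0)
        return r;

    /* 6. Clear the keep-caps flag again, also unconditionally, so the process does not
     *    carry it for the rest of its life (the point made in the reply above). */
    if (prctl(PR_SET_KEEPCAPS, 0) < 0)
        return -errno;
    return 0;
}

int main(void) {
    /* Constructed demo values: uid/gid 65534 (nobody on many distributions), keeping
     * only CAP_NET_BIND_SERVICE. The sequence only does something when started as root. */
    if (geteuid() != 0) {
        fprintf(stderr, "run as root to exercise the privilege drop\n");
        return 0;
    }
    int r = drop_privileges_example(65534, 65534, UINT64_C(1) << CAP_NET_BIND_SERVICE);
    if (r < 0) {
        fprintf(stderr, "drop_privileges_example: %s\n", strerror(-r));
        return 1;
    }
    printf("now uid %d; remaining caps are in /proc/self/status (CapEff/CapBnd)\n",
           (int)getuid());
    return 0;
}
```

Build with `gcc -Wall -o dropcaps dropcaps.c` on Linux and run as root; with keep_capabilities set to 0 the same code still succeeds, which is exactly the case the original conditional prctl(PR_SET_KEEPCAPS, keep_capabilities != 0) broke: the permitted set was gone after setresuid(), so CAP_SETPCAP could not be re-raised and PR_CAPBSET_DROP failed with EPERM.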