[bug#75810,4/6] daemon: Drop Linux ambient capabilities before executing builder.

Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org>
X-Original-To: patchwork@mira.cbaines.net
Delivered-To: patchwork@mira.cbaines.net
Received: by mira.cbaines.net (Postfix, from userid 113)
	id 3642E27BBEA; Fri, 24 Jan 2025 17:26:53 +0000 (GMT)
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net
X-Spam-Level: 
X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED,
	RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE,
	SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no
	version=3.4.6
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	by mira.cbaines.net (Postfix) with ESMTPS id 5B42927BBE2
	for <patchwork@mira.cbaines.net>; Fri, 24 Jan 2025 17:26:52 +0000 (GMT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces@gnu.org>)
	id 1tbNRW-0005fy-Dg; Fri, 24 Jan 2025 12:26:06 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tbNRU-0005ew-Eh
 for guix-patches@gnu.org; Fri, 24 Jan 2025 12:26:04 -0500
Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1tbNRT-00087d-Ul
 for guix-patches@gnu.org; Fri, 24 Jan 2025 12:26:04 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org;
 h=MIME-Version:References:In-Reply-To:Date:From:To:Subject;
 bh=EJBKOU++7w/goxoEBuHLi3cBsE8e18X1/aR/9Jrf8LE=;
 b=g3278LP54IUxqH4A7wWFlkQ0TYYxO1rsYw+/m9KgqA0YGvsGszS6QCbzkq0MqieG9IWtg9QTU47dJLpLFjN4zzgeFKjcoUV4/OzxUgm6iv2XMt7zJLfHTzE6/1EUbH22AQaDj6ybPeIjNm2R5mypCpoDCpMZT8StjJXDzr2y7c/6N6y/+RvjPUb5JZ2afqXj4Qlztu4Mi6HTSwaH3RGM+Gr0BFmc+Fo+R5xBKEFlvkWYwtyzvo7XBjQEF6Ye/FxDhURCb/IbhGHr1GCYsaQfFoSiR+Fj3vd01KOVTOB+O4iUH+9KDdh4MJiEGiG9Hz/ueV6NayNMvR2e5E3oQSe6xQ==;
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tbNRT-0003Vq-PN
 for guix-patches@gnu.org; Fri, 24 Jan 2025 12:26:03 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#75810] [PATCH 4/6] daemon: Drop Linux ambient capabilities
 before executing builder.
Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 24 Jan 2025 17:26:03 +0000
Resent-Message-ID: <handler.75810.B75810.173773952513401@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 75810
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 75810@debbugs.gnu.org
Cc: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>
Received: via spool by 75810-submit@debbugs.gnu.org id=B75810.173773952513401
 (code B ref 75810); Fri, 24 Jan 2025 17:26:03 +0000
Received: (at 75810) by debbugs.gnu.org; 24 Jan 2025 17:25:25 +0000
Received: from localhost ([127.0.0.1]:46902 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1tbNQr-0003Ty-8R
 for submit@debbugs.gnu.org; Fri, 24 Jan 2025 12:25:25 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:39768)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <ludo@gnu.org>) id 1tbNQk-0003Oo-Ky
 for 75810@debbugs.gnu.org; Fri, 24 Jan 2025 12:25:19 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@gnu.org>)
 id 1tbNQf-00083D-9K; Fri, 24 Jan 2025 12:25:13 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=EJBKOU++7w/goxoEBuHLi3cBsE8e18X1/aR/9Jrf8LE=; b=fB+G4mN2dIcVTtbIfWdw
 MgcupQqBw2810LhWVSmlEWRVsjDJKjpS8Vtm/MZcnSIsV0naVdz+oEePbqjPrqKWhHrygl0HBP0E8
 WRH5WFPvzxEzoXoq/eXYxloUG31MGrzu1nVjbnhRalfOhIyqwhqYuD+yGfd2QQqNQOEhaF7Hn6Mz8
 TveWbZ4iO2wnzMxmO67lJZShHgwTQVY5sgSof18plO49997H+u+c3E0bMX21RNZuao1TSQ2KeXqnU
 7xeQbH1hpueJKB/xYjcXskeNcywddrfXJrpymARsRQdSlKjsE663erac8q8lnr0Wju1icfctI8scT
 XnLfPgve3bG0yQ==;
From: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>
Date: Fri, 24 Jan 2025 18:24:54 +0100
Message-ID: 
 <d0fe57ac1b0f14d2fcfb01b9c9de80905cee73e1.1737738362.git.ludo@gnu.org>
X-Mailer: git-send-email 2.47.1
In-Reply-To: <cover.1737738362.git.ludo@gnu.org>
References: <cover.1737738362.git.ludo@gnu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org
X-getmail-retrieved-from-mailbox: Patches