From 5e4b7294d88ab58371d8c98e05ea80086dcb67cd Mon Sep 17 00:00:00 2001
From: Bob Halley <source@isc.org>
Date: Tue, 1 Feb 2000 20:17:32 +0000
Subject: [PATCH] remove CAP_SYS_RESOURCE

---
 bin/named/unix/os.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/bin/named/unix/os.c b/bin/named/unix/os.c
index b759339d15..5a576e4d63 100644
--- a/bin/named/unix/os.c
+++ b/bin/named/unix/os.c
@@ -76,14 +76,16 @@ linux_initialprivs(void) {
 
 	/*
 	 * Drop all privileges except the abilities to bind() to privileged
-	 * ports, set resource limits, and chroot().
+	 * ports and chroot().
 	 */
 
 	caps = 0;
 	caps |= (1 << CAP_NET_BIND_SERVICE);
-	caps |= (1 << CAP_SYS_RESOURCE);
 	caps |= (1 << CAP_SYS_CHROOT);
-
+	/*
+	 * XXX  We might want to add CAP_SYS_RESOURCE, though it's not
+	 *      clear it would work right given the way linuxthreads work.
+	 */
 	linux_setcaps(caps);
 }
 
@@ -93,12 +95,11 @@ linux_minprivs(void) {
 
 	/*
 	 * Drop all privileges except the abilities to bind() to privileged
-	 * ports and set resource limits.
+	 * ports.
 	 */
 
 	caps = 0;
 	caps |= (1 << CAP_NET_BIND_SERVICE);
-	caps |= (1 << CAP_SYS_RESOURCE);
 
 	linux_setcaps(caps);
 }