> Well gag me with a chainsaw, you're right. I've been staring at > __init_daemon_priv() for a long time, and I don't see how it alters the > effective set. I'm stumped.
It's a bit of a black magic, isn't it. I think it works because when you remove privileges from the permitted set, they are immediately removed from the effective set as well. http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/syscall/ppriv.c#147 -Artem
