Saturday, July 16, 2011, 11:50:49 PM, you wrote:
> Unices do not support thread-based UIDs or privileges. > (IIRC Windows does, but again, that is of no concern > right now). No. POSIX capabilities are thread local. That's why it doesn't play well with uid changing. Maybe it's not supposed to work this way but experimentally if you call cap_set_proc it changes the capabilities only in the current thread. That's why it must be done before the other threads are started. But if you change the effective user id, all capabilities in all threads are changed. > We should foremost concentrate our efforts > on centralizing privilege handling. Yes. For now, I have fixed the original libcap related problem but this will come up again at some point.
