haveged/haveged-capabilties.patch

--- configure.ac.orig	2010-09-24 18:13:42.282707000 +0200
+++ configure.ac	2010-09-24 18:13:42.311704000 +0200
@@ -68,7 +68,7 @@ AC_FUNC_MALLOC
 AC_FUNC_SELECT_ARGTYPES
 AC_TYPE_SIGNAL
 AC_CHECK_FUNCS([floor gettimeofday memset pow select sqrt])
-
+LIBCAP_NG_PATH
 # Sets hardware depedent define for the build
 AC_SUBST(HA_CPPFLAGS,$HA_CPPFLAGS)
 
--- src/Makefile.am.orig	2009-09-01 22:45:25.000000000 +0200
+++ src/Makefile.am	2010-09-24 18:13:42.319719000 +0200
@@ -4,5 +4,5 @@ AM_CFLAGS=-Wall
 AM_CPPFLAGS = @HA_CPPFLAGS@
 
 haveged_SOURCES = haveged.c havege.c havegedef.h haveged.h havege.h oneiteration.h loopbody.h
-
+haveged_LDADD = @CAPNG_LDADD@
 MAINTAINERCLEANFILES = Makefile.in
--- src/haveged.c.orig	2010-09-24 18:13:42.276714000 +0200
+++ src/haveged.c	2010-09-24 18:14:41.605757000 +0200
@@ -16,6 +16,11 @@
  ** You should have received a copy of the GNU General Public License
  ** along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
 #include <stdlib.h>
 #include <stdio.h>
 #include <math.h>
@@ -37,6 +42,10 @@
 #include <linux/random.h>
 #include <errno.h>
 
+#ifdef HAVE_LIBCAP_NG
+#include <cap-ng.h>
+#endif
+
 #include "havege.h"
 /**
  * Parameters
@@ -170,6 +179,12 @@ int get_poolsize()
  */
 int main(int argc, char **argv)
 {
+#ifdef HAVE_LIBCAP_NG
+       /* Drop capabilities */
+       capng_clear(CAPNG_SELECT_BOTH);
+       capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SYS_ADMIN);
+       capng_apply(CAPNG_SELECT_BOTH);
+#endif
    static const char* cmds[] = {
       "d", "data",    "1", "Data cache size [KB]",
       "i", "inst",    "1", "Instruction cache size [KB]",