From d3c1c74c97b9b1ead622755b553d4e6015e6660c Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Wed, 27 Nov 2019 09:25:25 +0100
Subject: Drop cap bounding set also in --userns case

This is the same as the --unshare-user case.
---
 bubblewrap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bubblewrap.c b/bubblewrap.c
index 9fa836d..1b75a48 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -805,7 +805,7 @@ static void
 switch_to_user_with_privs (void)
 {
   /* If we're in a new user namespace, we got back the bounding set, clear it again */
-  if (opt_unshare_user)
+  if (opt_unshare_user || opt_userns_fd != -1)
     drop_cap_bounding_set (FALSE);
 
   if (!is_privileged)
-- 
cgit v1.2.1