Drop all capabilities on program start

3 files changed, 15 insertions, 2 deletions

diff --git a/Cargo.lock b/Cargo.lock
index 47c45b5..3c386d5 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -26,6 +26,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
 
 [[package]]
+name = "caps"
+version = "0.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "190baaad529bcfbde9e1a19022c42781bdb6ff9de25721abdb8fd98c0807730b"
+dependencies = [
+ "libc",
+ "thiserror",
+]
+
+[[package]]
 name = "cc"
 version = "1.0.73"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -146,8 +156,9 @@ dependencies = [
 
 [[package]]
 name = "hancock"
-version = "1.4.0"
+version = "1.5.0"
 dependencies = [
+ "caps",
  "clap",
  "dirs",
  "dotenvy",
diff --git a/Cargo.toml b/Cargo.toml
index 7369bb1..d2d8523 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "hancock"
 authors = ["Galen Guyer <galen@galenguyer.com>"]
-version = "1.4.0"
+version = "1.5.0"
 edition = "2021"
 license = "MIT"
 
@@ -15,6 +15,7 @@ path = "src/cli.rs"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+caps = "0.5.5"
 clap = { version = "3.1.6", features = ["cargo", "derive", "env", "wrap_help"] }
 dirs = "4.0.0"
 dotenvy = "0.15.1"
diff --git a/src/cli.rs b/src/cli.rs
index 964f8cb..9d5aba9 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -20,6 +20,7 @@ pub enum Commands {
 }
 
 fn main() {
+    caps::clear(None, caps::CapSet::Permitted).expect("Unable to clear capabilities");
     let env_file = match Path::new(".env").exists() {
         true => Some(String::from(".env")),
         false => {