From b1bd63547bce3ec97fb0eace033969dcaf0ea59e Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Wed, 8 May 2013 14:58:28 +0200
Subject: [PATCH] capabilities: initialize supplementary groups only when doing
 a setuid()

---
 src/libstrongswan/utils/capabilities.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libstrongswan/utils/capabilities.c b/src/libstrongswan/utils/capabilities.c
index 44a14496c5..c58ce2fdf6 100644
--- a/src/libstrongswan/utils/capabilities.c
+++ b/src/libstrongswan/utils/capabilities.c
@@ -225,7 +225,7 @@ METHOD(capabilities_t, drop, bool,
 	prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
 #endif
 
-	if (!init_supplementary_groups(this))
+	if (this->uid && !init_supplementary_groups(this))
 	{
 		DBG1(DBG_LIB, "initializing supplementary groups for %u failed",
 			 this->uid);