| author | Alois Wohlschlager <alois1@gmx-topmail.de> | 2022-08-07 19:12:37 +0200 |
|---|---|---|
| committer | Alois Wohlschlager <alois1@gmx-topmail.de> | 2022-08-07 19:12:37 +0200 |
| commit | f238a0a093462bbeea345235a3850a2e31794664 (patch) | |
| tree | dc2ce7dd8ae71cbec4fb417d3e1c544701c69741 /pkgs/development/python-modules/rangehttpserver | |
| parent | 01521f33f347b57dac8ea5dfa2aa83c531bfa8ea (diff) | |

kwin: don't leak CAP_SYS_NICE

The capability wrapper raises CAP_SYS_NICE into the ambient set. As a
result, not only is kwin_wayland itself granted that capability, but
also all applications started by it (even transitively, i.e. the entire
desktop environment). While CAP_SYS_NICE is not a particularly dangerous
capability, that behaviour is still not great; furthermore it's annoying
because it breaks programs checking that they are not granted any
capabilities (e.g. bubblewrap).

Fix this behaviour by adding a patch that causes kwin_wayland to lower
CAP_SYS_NICE from the ambient capability set at startup. That way,
expected upstream behaviour is restored.

Diffstat (limited to 'pkgs/development/python-modules/rangehttpserver')
0 files changed, 0 insertions, 0 deletions
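
The behaviour the commit message describes, as an added C example (this is not the patch from the commit, which is not shown on this page). It assumes Linux and the `prctl(PR_CAP_AMBIENT, ...)` interface; the function names and the sample `/proc/<pid>/status` text are constructed for illustration.

```c
/* Added example, not the nixpkgs patch: drop one capability from the
 * ambient set so children started via execve() do not inherit it. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/capability.h>   /* CAP_SYS_NICE */

/* Remove `cap` from the calling thread's ambient set. Permitted and
 * effective sets are untouched, so the process keeps the capability. */
int drop_ambient_cap(int cap)
{
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, cap, 0, 0);
}

/* 1 if `cap` is in our ambient set, 0 if not, -1 on error. */
int ambient_is_set(int cap)
{
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, cap, 0, 0);
}

/* Audit helper: given the text of /proc/<pid>/status, report whether
 * `cap` is in that process's ambient set (CapAmb is a hex bitmask).
 * Returns 1 or 0, or -1 if no CapAmb line is present. */
int status_has_ambient_cap(const char *status_text, int cap)
{
    const char *p = strstr(status_text, "CapAmb:");
    if (!p)
        return -1;
    unsigned long long mask = strtoull(p + strlen("CapAmb:"), NULL, 16);
    return (int)((mask >> cap) & 1ULL);
}

int main(void)
{
    /* Constructed sample: child of a wrapper that leaked CAP_SYS_NICE (bit 23). */
    const char *leaky =
        "Name:\tchild\nCapEff:\t0000000000800000\nCapAmb:\t0000000000800000\n";
    printf("sample leaks CAP_SYS_NICE: %d\n",
           status_has_ambient_cap(leaky, CAP_SYS_NICE));

    if (drop_ambient_cap(CAP_SYS_NICE) != 0)
        perror("PR_CAP_AMBIENT_LOWER");
    printf("ambient CAP_SYS_NICE after drop: %d\n", ambient_is_set(CAP_SYS_NICE));
    return 0;
}
```

Running the audit helper over the status files of a session's processes shows which ones still carry the capability in `CapAmb`, which is the condition a zero-capability check such as bubblewrap's rejects.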
