gnome3.mutter: drop inheritable cap_sys_nice

In NixOS extra capabilities are provided through the ambient set which provides
real inheritability to user run processes [0].

We don't want gome-shell to spawn processes with cap_sys_nice however (apart
from the obvious this also breaks eg. flatpaks). So we drop inheritable when
starting to prevent further inheritance (the ambient set is only propagated
if inherit is set).

[0] https://github.com/torvalds/linux/commit/58319057b7847667f0c9585b9de0e8932b0fdb08

0 files changed, 0 insertions, 0 deletions