From: Martin Pitt <martin.pitt@canonical.com>
Subject: do not set CAP_SYS_TIME as inheritable
Bug: http://bugs.ntp.org/1432
Bug-Debian: http://bugs.debian.org/282941
Bug-Debian: http://bugs.debian.org/298059

Index: ntp-4.2.6.p3+dfsg/ntpd/ntpd.c
===================================================================
--- ntp-4.2.6.p3+dfsg.orig/ntpd/ntpd.c	2011-06-03 15:26:29.000000000 +0000
+++ ntp-4.2.6.p3+dfsg/ntpd/ntpd.c	2011-06-03 15:27:00.000000000 +0000
@@ -1016,8 +1016,8 @@
 			 */
 			cap_t caps;
 			char *captext = (interface_interval)
-				? "cap_sys_time,cap_net_bind_service=ipe"
-				: "cap_sys_time=ipe";
+				? "cap_sys_time,cap_net_bind_service=pe"
+				: "cap_sys_time=pe";
 			if( ! ( caps = cap_from_text( captext ) ) ) {
 				msyslog( LOG_ERR, "cap_from_text() failed: %m" );
 				exit(-1);