===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- src/usr.bin/doas/doas.c	2022/02/25 18:29:32	1.95
+++ src/usr.bin/doas/doas.c	2022/03/04 05:37:21	1.96
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.95 2022/02/25 18:29:32 tedu Exp $ */
+/* $OpenBSD: doas.c,v 1.96 2022/03/04 05:37:21 tb Exp $ */
 /*
  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
  *
@@ -452,7 +452,10 @@
 	if (targpw == NULL)
 		errx(1, "no passwd entry for target");
 
-	if (setusercontext(NULL, targpw, target, LOGIN_SETALL) == -1)
+	if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
+	    LOGIN_SETPATH |
+	    LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
+	    LOGIN_SETUSER | LOGIN_SETENV | LOGIN_SETRTABLE) != 0)
 		errx(1, "failed to set user context for target");
 
 	if (pledge("stdio rpath exec", NULL) == -1)