diff --git a/Makefile.am b/Makefile.am
index 6778763..9291c4d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -28,6 +28,7 @@ install-exec-hook:
 	chmod g+s $(DESTDIR)$(bindir)/scado
 	chown cado $(DESTDIR)$(bindir)/cado
 	chmod u+s $(DESTDIR)$(bindir)/cado
+	ldconfig $(DESTDIR)$(libdir)
 	$(DESTDIR)$(bindir)/cado -s
 
 CLEANFILES = cado_paths.h
diff --git a/read_conf.c b/read_conf.c
index acc27c7..3963cbd 100644
--- a/read_conf.c
+++ b/read_conf.c
@@ -51,7 +51,7 @@ static int groupmatch (char *group, char **grouplist) {
 
 /* execs security, children must drop their capabilities */
 static int drop_capabilities(void *useless) {
-	return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0);
+	return drop_all_ambient_cap();
 }
 
 /* get_authorized_caps returns the set of authorized capabilities
diff --git a/set_ambient_cap.c b/set_ambient_cap.c
index 8f71786..80fdc56 100644
--- a/set_ambient_cap.c
+++ b/set_ambient_cap.c
@@ -1,21 +1,21 @@
-/* 
+/*
  * cado: execute a command in a capability ambient
  * Copyright (C) 2016  Renzo Davoli, University of Bologna
- * 
+ *
  * This file is part of cado.
  *
  * Cado is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version 2
  * of the License, or (at your option) any later version.
- * 
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
- * along with this program; If not, see <http://www.gnu.org/licenses/>. 
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
  *
  */
 
@@ -35,6 +35,9 @@
 #ifndef PR_CAP_AMBIENT_LOWER
 #define PR_CAP_AMBIENT_LOWER	3
 #endif
+#ifndef PR_CAP_AMBIENT_CLEAR_ALL
+#define PR_CAP_AMBIENT_CLEAR_ALL    4
+#endif
 
 /* set the ambient capabilities to match the bitmap capset.
 	 the capability #k is active if and only if the (k+1)-th least significative bit in capset is 1.
@@ -88,6 +91,10 @@ void drop_ambient_cap(uint64_t capset) {
 	}
 }
 
+int drop_all_ambient_cap(void) {
+	  return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0);
+}
+
 /* turn cap_dac_read_search on and off to have "extra" powers only when needed */
 void raise_cap_dac_read_search(void) {
 	cap_value_t cap=CAP_DAC_READ_SEARCH;
@@ -102,3 +109,4 @@ void lower_cap_dac_read_search(void) {
 	cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap, CAP_CLEAR);
 	cap_set_proc(caps);
 }
+
diff --git a/set_ambient_cap.h b/set_ambient_cap.h
index d696c5f..bc1d52a 100644
--- a/set_ambient_cap.h
+++ b/set_ambient_cap.h
@@ -6,6 +6,8 @@ void set_ambient_cap(uint64_t capset);
 
 void drop_ambient_cap(uint64_t capset);
 
+int drop_all_ambient_cap(void);
+
 void raise_cap_dac_read_search(void);
 
 void lower_cap_dac_read_search(void);