X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Funit.c;h=20b139d31be6446aeb2090332a952337d6843988;hb=f1660f96f59dad860d39f148c3a747050d112763;hp=5c98843549c9d991e4c0ca554379abf362432153;hpb=f755e3b74b94296a534033dd6ae04d9506434210;p=elogind.git

diff --git a/src/core/unit.c b/src/core/unit.c
index 5c9884354..20b139d31 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1537,7 +1537,7 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, bool reload_su
                 unit_destroy_cgroup(u);
 
         /* Note that this doesn't apply to RemainAfterExit services exiting
-         * sucessfully, since there's no change of state in that case. Which is
+         * successfully, since there's no change of state in that case. Which is
          * why it is handled in service_set_state() */
         if (UNIT_IS_INACTIVE_OR_FAILED(os) != UNIT_IS_INACTIVE_OR_FAILED(ns)) {
                 ExecContext *ec;
@@ -2830,6 +2830,9 @@ int unit_exec_context_patch_defaults(Unit *u, ExecContext *c) {
              !set_isempty(c->address_families)))
                 c->no_new_privileges = true;
 
+        if (c->private_devices)
+                c->capability_bounding_set_drop |= (uint64_t) 1ULL << (uint64_t) CAP_MKNOD;
+
         return 0;
 }