X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fload-fragment.c;h=ac22b94509babea9412610f024a7c33e90025f35;hb=37f85e66e8f396b6f758e063531b95531aef628e;hp=bd7529ff950461f59e184c02b822437a4e3cce38;hpb=8c7be95e5a80c4bd82d86e9640a071fd98618172;p=elogind.git

diff --git a/src/load-fragment.c b/src/load-fragment.c
index bd7529ff9..ac22b9450 100644
--- a/src/load-fragment.c
+++ b/src/load-fragment.c
@@ -852,12 +852,24 @@ static int config_parse_bounding_set(
         char *w;
         size_t l;
         char *state;
+        bool invert = false;
+        uint64_t sum = 0;
 
         assert(filename);
         assert(lvalue);
         assert(rvalue);
         assert(data);
 
+        if (rvalue[0] == '~') {
+                invert = true;
+                rvalue++;
+        }
+
+        /* Note that we store this inverted internally, since the
+         * kernel wants it like this. But we actually expose it
+         * non-inverted everywhere to have a fully normalized
+         * interface. */
+
         FOREACH_WORD_QUOTED(w, l, rvalue, state) {
                 char *t;
                 int r;
@@ -874,9 +886,14 @@ static int config_parse_bounding_set(
                         return 0;
                 }
 
-                c->capability_bounding_set_drop |= 1 << cap;
+                sum |= ((uint64_t) 1ULL) << (uint64_t) cap;
         }
 
+        if (invert)
+                c->capability_bounding_set_drop |= sum;
+        else
+                c->capability_bounding_set_drop |= ~sum;
+
         return 0;
 }
 
@@ -1397,7 +1414,7 @@ static int config_parse_condition_path(
                 void *userdata) {
 
         Unit *u = data;
-        bool negate;
+        bool trigger, negate;
         Condition *c;
 
         assert(filename);
@@ -1405,6 +1422,9 @@ static int config_parse_condition_path(
         assert(rvalue);
         assert(data);
 
+        if ((trigger = rvalue[0] == '|'))
+                rvalue++;
+
         if ((negate = rvalue[0] == '!'))
                 rvalue++;
 
@@ -1414,7 +1434,7 @@ static int config_parse_condition_path(
         }
 
         if (!(c = condition_new(streq(lvalue, "ConditionPathExists") ? CONDITION_PATH_EXISTS : CONDITION_DIRECTORY_NOT_EMPTY,
-                                rvalue, negate)))
+                                rvalue, trigger, negate)))
                 return -ENOMEM;
 
         LIST_PREPEND(Condition, conditions, u->meta.conditions, c);
@@ -1431,7 +1451,7 @@ static int config_parse_condition_kernel(
                 void *userdata) {
 
         Unit *u = data;
-        bool negate;
+        bool trigger, negate;
         Condition *c;
 
         assert(filename);
@@ -1439,10 +1459,13 @@ static int config_parse_condition_kernel(
         assert(rvalue);
         assert(data);
 
+        if ((trigger = rvalue[0] == '|'))
+                rvalue++;
+
         if ((negate = rvalue[0] == '!'))
                 rvalue++;
 
-        if (!(c = condition_new(CONDITION_KERNEL_COMMAND_LINE, rvalue, negate)))
+        if (!(c = condition_new(CONDITION_KERNEL_COMMAND_LINE, rvalue, trigger, negate)))
                 return -ENOMEM;
 
         LIST_PREPEND(Condition, conditions, u->meta.conditions, c);
@@ -1459,7 +1482,7 @@ static int config_parse_condition_virt(
                 void *userdata) {
 
         Unit *u = data;
-        bool negate;
+        bool trigger, negate;
         Condition *c;
 
         assert(filename);
@@ -1467,10 +1490,13 @@ static int config_parse_condition_virt(
         assert(rvalue);
         assert(data);
 
+        if ((trigger = rvalue[0] == '|'))
+                rvalue++;
+
         if ((negate = rvalue[0] == '!'))
                 rvalue++;
 
-        if (!(c = condition_new(CONDITION_VIRTUALIZATION, rvalue, negate)))
+        if (!(c = condition_new(CONDITION_VIRTUALIZATION, rvalue, trigger, negate)))
                 return -ENOMEM;
 
         LIST_PREPEND(Condition, conditions, u->meta.conditions, c);
@@ -1488,7 +1514,7 @@ static int config_parse_condition_null(
 
         Unit *u = data;
         Condition *c;
-        bool negate;
+        bool trigger, negate;
         int b;
 
         assert(filename);
@@ -1496,6 +1522,9 @@ static int config_parse_condition_null(
         assert(rvalue);
         assert(data);
 
+        if ((trigger = rvalue[0] == '|'))
+                rvalue++;
+
         if ((negate = rvalue[0] == '!'))
                 rvalue++;
 
@@ -1507,7 +1536,7 @@ static int config_parse_condition_null(
         if (!b)
                 negate = !negate;
 
-        if (!(c = condition_new(CONDITION_NULL, NULL, negate)))
+        if (!(c = condition_new(CONDITION_NULL, NULL, trigger, negate)))
                 return -ENOMEM;
 
         LIST_PREPEND(Condition, conditions, u->meta.conditions, c);
@@ -1760,7 +1789,7 @@ static int load_from_path(Unit *u, const char *path) {
                 { "SyslogLevelPrefix",      config_parse_bool,            &(context).syslog_level_prefix,                  section   }, \
                 { "Capabilities",           config_parse_capabilities,    &(context),                                      section   }, \
                 { "SecureBits",             config_parse_secure_bits,     &(context),                                      section   }, \
-                { "CapabilityBoundingSetDrop", config_parse_bounding_set, &(context),                                      section   }, \
+                { "CapabilityBoundingSet",  config_parse_bounding_set,    &(context),                                      section   }, \
                 { "TimerSlackNSec",         config_parse_timer_slack_nsec,&(context),                                      section   }, \
                 { "LimitCPU",               config_parse_limit,           &(context).rlimit[RLIMIT_CPU],                   section   }, \
                 { "LimitFSIZE",             config_parse_limit,           &(context).rlimit[RLIMIT_FSIZE],                 section   }, \