- static int cached_can_setgroups = -1;
- /* check if setgroups is allowed before we try to drop all the auxiliary groups */
- if (size == 0) {
- if (cached_can_setgroups < 0) {
- _cleanup_free_ char *setgroups_content = NULL;
- int r = read_one_line_file("/proc/self/setgroups", &setgroups_content);
- if (r < 0 && errno != ENOENT)
- return r;
- if (r < 0) {
- /* old kernels don't have /proc/self/setgroups, so assume we can use setgroups */
- cached_can_setgroups = true;
- } else {
- cached_can_setgroups = streq(setgroups_content, "allow");
- if (!cached_can_setgroups)
- log_debug("skip setgroups, /proc/self/setgroups is set to 'deny'");
- }
- }
- if (!cached_can_setgroups)
+ int r;
+
+ /* Check if setgroups is allowed before we try to drop all the auxiliary groups */
+ if (size == 0) { /* Dropping all aux groups? */
+ _cleanup_free_ char *setgroups_content = NULL;
+ bool can_setgroups;
+
+ r = read_one_line_file("/proc/self/setgroups", &setgroups_content);
+ if (r == -ENOENT)
+ /* Old kernels don't have /proc/self/setgroups, so assume we can use setgroups */
+ can_setgroups = true;
+ else if (r < 0)
+ return r;
+ else
+ can_setgroups = streq(setgroups_content, "allow");
+
+ if (!can_setgroups) {
+ log_debug("Skipping setgroups(), /proc/self/setgroups is set to 'deny'");