unit_destroy_cgroup(u);
/* Note that this doesn't apply to RemainAfterExit services exiting
- * sucessfully, since there's no change of state in that case. Which is
+ * successfully, since there's no change of state in that case. Which is
* why it is handled in service_set_state() */
if (UNIT_IS_INACTIVE_OR_FAILED(os) != UNIT_IS_INACTIVE_OR_FAILED(ns)) {
ExecContext *ec;
!set_isempty(c->address_families)))
c->no_new_privileges = true;
+ if (c->private_devices)
+ c->capability_bounding_set_drop |= (uint64_t) 1ULL << (uint64_t) CAP_MKNOD;
+
return 0;
}