chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
ed617ec
)
shared: capability - don't loop over the cap bits if they are all unset
author
Tom Gundersen
<teg@jklm.no>
Tue, 3 Jun 2014 09:46:25 +0000
(11:46 +0200)
committer
Tom Gundersen
<teg@jklm.no>
Tue, 3 Jun 2014 09:46:25 +0000
(11:46 +0200)
src/shared/capability.c
patch
|
blob
|
history
diff --git
a/src/shared/capability.c
b/src/shared/capability.c
index 58270ad8cc250e1c14a45e4be4acb901628e5b3a..439aac7eaae0117f5a27e83550c995fec06e2b78 100644
(file)
--- a/
src/shared/capability.c
+++ b/
src/shared/capability.c
@@
-264,11
+264,11
@@
int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
if (!d)
return log_oom();
if (!d)
return log_oom();
- for (i = 0; i < sizeof(keep_capabilities)*8; i++)
- if (keep_capabilities & (1ULL << i))
- bits[j++] = i;
-
if (keep_capabilities) {
if (keep_capabilities) {
+ for (i = 0; i < sizeof(keep_capabilities)*8; i++)
+ if (keep_capabilities & (1ULL << i))
+ bits[j++] = i;
+
if (cap_set_flag(d, CAP_EFFECTIVE, j, bits, CAP_SET) < 0 ||
cap_set_flag(d, CAP_PERMITTED, j, bits, CAP_SET) < 0) {
log_error("Failed to enable capabilities bits: %m");
if (cap_set_flag(d, CAP_EFFECTIVE, j, bits, CAP_SET) < 0 ||
cap_set_flag(d, CAP_PERMITTED, j, bits, CAP_SET) < 0) {
log_error("Failed to enable capabilities bits: %m");