shared: capability - don't loop over the cap bits if they are all unset
authorTom Gundersen <teg@jklm.no>
Tue, 3 Jun 2014 09:46:25 +0000 (11:46 +0200)
committerTom Gundersen <teg@jklm.no>
Tue, 3 Jun 2014 09:46:25 +0000 (11:46 +0200)
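--- a/src/shared/capability.c
+++ b/src/shared/capability.c
@@ -264,11 +264,11 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
         if (!d)
                 return log_oom();
 
-        for (i = 0; i < sizeof(keep_capabilities)*8; i++)
-                if (keep_capabilities & (1ULL << i))
-                        bits[j++] = i;
-
         if (keep_capabilities) {
+                for (i = 0; i < sizeof(keep_capabilities)*8; i++)
+                        if (keep_capabilities & (1ULL << i))
+                                bits[j++] = i;
+
                 if (cap_set_flag(d, CAP_EFFECTIVE, j, bits, CAP_SET) < 0 ||
                     cap_set_flag(d, CAP_PERMITTED, j, bits, CAP_SET) < 0) {
                         log_error("Failed to enable capabilities bits: %m");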
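Review bot: The write `bits[j++] = i` in the moved loop is bounded only by the width of the mask, so it is safe only if `bits` has at least `sizeof(keep_capabilities)*8` elements and `j` starts at 0; both declarations are outside this hunk and cannot be checked here. Since `i`, `j` and `bits` are now used only inside `if (keep_capabilities) {`, declaring them in that block would put the bound next to the loop, and a comment such as `/* bits[] must hold one entry per bit of keep_capabilities */` would record the invariant. The mask is also not checked against the highest capability the running kernel supports, so an unsupported bit presumably surfaces only as the generic "Failed to enable capabilities bits" error; that fails closed, but logging the rejected mask would make the cause easier to diagnose. The body of drop_privileges() starts before and continues past this hunk.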