- r = manager_load_config(m);
- if (r < 0) {
- log_error("Could not load configuration files: %s", strerror(-r));
+ /* Always create the directories people can create inotify
+ * watches in. */
+ r = mkdir_safe_label("/run/systemd/netif", 0755, uid, gid);
+ if (r < 0)
+ log_error("Could not create runtime directory: %s",
+ strerror(-r));
+
+ r = mkdir_safe_label("/run/systemd/netif/links", 0755, uid, gid);
+ if (r < 0)
+ log_error("Could not create runtime directory 'links': %s",
+ strerror(-r));
+
+ r = mkdir_safe_label("/run/systemd/netif/leases", 0755, uid, gid);
+ if (r < 0)
+ log_error("Could not create runtime directory 'leases': %s",
+ strerror(-r));
+
+ r = drop_privileges(uid, gid,
+ (1ULL << CAP_NET_ADMIN) |
+ (1ULL << CAP_NET_BIND_SERVICE) |
+ (1ULL << CAP_NET_BROADCAST) |
+ (1ULL << CAP_NET_RAW));
+ if (r < 0)