X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fshared%2Fcapability.c;h=58f00e6daec180c910bb72ff4cf83efd0c7c1ec3;hb=5484fc17a125fd9ced214aefc000d337f77ace35;hp=57f392a4da887228c616577f63c8b37ca8ad03b5;hpb=057255fbbf2ecb1c46e025b04087fa9340d9880d;p=elogind.git
diff --git a/src/shared/capability.c b/src/shared/capability.c
index 57f392a4d..58f00e6da 100644
--- a/src/shared/capability.c
+++ b/src/shared/capability.c
@@ -19,14 +19,9 @@
along with systemd; If not, see .
***/
-#include
-#include
#include
#include
#include
-#include
-#include
-#include
#include
#include
#include "grp.h"
@@ -55,7 +50,7 @@ unsigned long cap_last_cap(void) {
static thread_local unsigned long saved;
static thread_local bool valid = false;
_cleanup_free_ char *content = NULL;
- unsigned long p;
+ unsigned long p = 0;
int r;
if (valid)
@@ -275,10 +270,10 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
if (keep_capabilities & (1ULL << i))
bits[j++] = i;
- /* don't keep too many bits */
- assert((keep_capabilities & (~1ULL << i)) == 0);
- /* don't throw away too many bits */
- assert(((keep_capabilities >> i) & (~1ULL >> i)) == 0);
+ /* use enough bits */
+ assert(i == 64 || (keep_capabilities >> i) == 0);
+ /* don't use too many bits */
+ assert(keep_capabilities & (1ULL << (i - 1)));
if (cap_set_flag(d, CAP_EFFECTIVE, j, bits, CAP_SET) < 0 ||
cap_set_flag(d, CAP_PERMITTED, j, bits, CAP_SET) < 0) {