X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fshared%2Fcapability.c;h=89e61430b0d21603f5bafa16809133369b028ffa;hb=31938a8560a664c32a9d72f1fc2d4347b232e6e9;hp=439aac7eaae0117f5a27e83550c995fec06e2b78;hpb=e5999b46792b859043a62431d426a280f26a16d7;p=elogind.git

diff --git a/src/shared/capability.c b/src/shared/capability.c
index 439aac7ea..89e61430b 100644
--- a/src/shared/capability.c
+++ b/src/shared/capability.c
@@ -85,9 +85,9 @@ unsigned long cap_last_cap(void) {
 }
 
 int capability_bounding_set_drop(uint64_t drop, bool right_now) {
-        unsigned long i;
-        _cleanup_cap_free_ cap_t after_cap = NULL, temp_cap = NULL;
+        _cleanup_cap_free_ cap_t after_cap = NULL;
         cap_flag_value_t fv;
+        unsigned long i;
         int r;
 
         /* If we are run as PID 1 we will lack CAP_SETPCAP by default
@@ -103,6 +103,7 @@ int capability_bounding_set_drop(uint64_t drop, bool right_now) {
                 return -errno;
 
         if (fv != CAP_SET) {
+                _cleanup_cap_free_ cap_t temp_cap = NULL;
                 static const cap_value_t v = CAP_SETPCAP;
 
                 temp_cap = cap_dup(after_cap);
@@ -217,8 +218,6 @@ int capability_bounding_set_drop_usermode(uint64_t drop) {
 int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
 
         _cleanup_cap_free_ cap_t d = NULL;
-        cap_value_t bits[sizeof(keep_capabilities)*8];
-        unsigned i, j = 0;
         int r;
 
         /* Unfortunately we cannot leave privilege dropping to PID 1
@@ -229,7 +228,7 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
          * which we want to avoid. */
 
         if (setresgid(gid, gid, gid) < 0) {
-                log_error("Failed change group ID: %m");
+                log_error("Failed to change group ID: %m");
                 return -errno;
         }
 
@@ -245,7 +244,7 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
 
         r = setresuid(uid, uid, uid);
         if (r < 0) {
-                log_error("Failed change user ID: %m");
+                log_error("Failed to change user ID: %m");
                 return -errno;
         }
 
@@ -256,7 +255,7 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
 
         r = capability_bounding_set_drop(~keep_capabilities, true);
         if (r < 0) {
-                log_error("Failed to drop capabilities: %s", strerror(-r));
+                log_error_errno(r, "Failed to drop capabilities: %m");
                 return r;
         }
 
@@ -265,6 +264,9 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
                 return log_oom();
 
         if (keep_capabilities) {
+                cap_value_t bits[sizeof(keep_capabilities)*8];
+                unsigned i, j = 0;
+
                 for (i = 0; i < sizeof(keep_capabilities)*8; i++)
                         if (keep_capabilities & (1ULL << i))
                                 bits[j++] = i;