X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=src%2Fbasic%2Fcapability-util.h;fp=src%2Fbasic%2Fcapability-util.h;h=b5bce29ab53841d672a7d0871ff95fd917c5df4f;hb=f66ad46066a9911192f0b49eb06dae7dafc0c983;hp=e69b2fbb957854da3ec0eb52ca977729155e4e3d;hpb=a5a4dfa1bc0078c858c250cbe6e97c0c04bf90f8;p=thirdparty%2Fsystemd.git

diff --git a/src/basic/capability-util.h b/src/basic/capability-util.h
index e69b2fbb957..b5bce29ab53 100644
--- a/src/basic/capability-util.h
+++ b/src/basic/capability-util.h
@@ -69,4 +69,9 @@ static inline bool capability_quintet_is_set(const CapabilityQuintet *q) {
                 q->ambient != (uint64_t) -1;
 }
 
+/* Mangles the specified caps quintet taking the current bounding set into account:
+ * drops all caps from all five sets if our bounding set doesn't allow them.
+ * Returns true if the quintet was modified. */
+bool capability_quintet_mangle(CapabilityQuintet *q);
+
 int capability_quintet_enforce(const CapabilityQuintet *q);