<filename>/etc/systemd/nspawn/</filename> and
<filename>/run/system/nspawn/</filename> (see above). On the
other hand, <varname>DropCapability=</varname> takes effect in
- all cases.</para></listitem>
+ all cases. If the special value <literal>all</literal> is passed, all
+ capabilities are retained (or dropped).</para></listitem>
</varlistentry>
<varlistentry>
if (r == 0)
break;
- r = capability_from_name(word);
- if (r < 0) {
- log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse capability, ignoring: %s", word);
- continue;
- }
+ if (streq(word, "all"))
+ u = (uint64_t) -1;
+ else {
+ r = capability_from_name(word);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse capability, ignoring: %s", word);
+ continue;
+ }
- u |= UINT64_C(1) << r;
+ u |= UINT64_C(1) << r;
+ }
}
if (u == 0)
projects / thirdparty / systemd.git / commitdiff
