/* Clear ambient capabilities, so services do not inherit them implicitly. Dropping them does
* not affect the permitted and effective sets which are important for the executor itself to
* operate. */
- capability_ambient_set_apply(0, /* also_inherit= */ false);
+ r = capability_ambient_set_apply(0, /* also_inherit= */ false);
+ if (r < 0)
+ log_warning_errno(r, "Failed to clear ambient capabilities, ignoring: %m");
/* This call would collect all passed fds and enable CLOEXEC. We'll unset it in exec_invoke (flag_fds)
* for fds that shall be passed to the child.
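Review bot: The new `if (r < 0)` branch after `capability_ambient_set_apply(0, /* also_inherit= */ false)` only warns and continues, which is fail-open for the goal stated in the comment above it: a service could be started with ambient capabilities still set. If a later step resets the ambient set before the service is executed, name it next to the warning, e.g. `/* Not fatal: <placeholder: step that re-applies the ambient set before exec> */`; that step is not visible in this hunk. If nothing later guarantees it, propagating `r` instead of logging at warning level would be the safer default. The enclosing function starts and ends outside the hunk.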
r = capability_ambient_set_apply(capability_ambient_set, /* also_inherit= */ false);
if (r < 0)
- log_error_errno(r, "Failed to apply the starting ambient set, ignoring: %m.");
+ log_warning_errno(r, "Failed to apply the starting ambient set, ignoring: %m");
args_size = argc + 5;
args = newa(const char*, args_size);
int r;
+ assert(original_ambient_set);
assert(ret_error_message);
/* Sets up various runtime parameters. Many of these initializations are conditionalized:
* Preserve the ambient set for later use with sd-executor processes. */
r = capability_get_ambient(original_ambient_set);
if (r < 0)
- log_error_errno(r, "Failed to save ambient capabilities, ignoring: %m.");
+ log_warning_errno(r, "Failed to save ambient capabilities, ignoring: %m");
/* Clear ambient capabilities, so services do not inherit them implicitly. Dropping them does
* not affect the permitted and effective sets which are important for the manager itself to
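Review bot: In the `if (r < 0)` branch after `capability_get_ambient(original_ambient_set)`, the failure is ignored but `*original_ambient_set` is never given a value, so what is saved depends on what the callee wrote before failing and on the caller's initializer, neither of which is visible here. The hunk that logs "Failed to apply the starting ambient set" presumably consumes this value later, so an indeterminate set could reach `capability_ambient_set_apply()`. Bracing the branch and adding `*original_ambient_set = 0;` after the warning would make an ignored failure mean an empty saved set. The function begins and continues outside the hunk.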