capability: don't skip ambient caps setup if we actually have something to set
authorLennart Poettering <lennart@poettering.net>
Thu, 2 Apr 2020 15:20:47 +0000 (17:20 +0200)
committerLennart Poettering <lennart@poettering.net>
Fri, 3 Apr 2020 16:02:08 +0000 (18:02 +0200)
Follow-up for 7ea4392f1e444388caa706d6bd64fb7b30dc2903

Let's not hide errors needlessly aggressively.

src/basic/capability-util.c

index caffda62af870b5d3e627b83a83e950b25dd1d34..9dbebfa1678d205b2d7e4f2637e7f15bc9640f44 100644 (file)
@@ -107,11 +107,13 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
         unsigned long i;
         int r;
 
+        /* Add the capabilities to the ambient set (an possibly also the inheritable set) */
+
         /* Check that we can use PR_CAP_AMBIENT or quit early. */
         if (!ambient_capabilities_supported())
-                return 0;
-
-        /* Add the capabilities to the ambient set. */
+                return (set & all_capabilities()) == 0 ?
+                        0 : -EOPNOTSUPP; /* if actually no ambient caps are to be set, be silent,
+                                          * otherwise fail recognizably */
 
         if (also_inherit) {
                 caps = cap_get_proc();
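Review bot: The new return contract is documented only in the trailing comment on the ternary, so a reader at the top of the function cannot tell that an unsupported kernel now yields `-EOPNOTSUPP` whenever `set` names a known capability; the added summary comment also has a typo (`an possibly`). I would fold both into one comment at the top of the body, e.g. `/* Add the capabilities to the ambient set (and possibly also the inheritable set). Returns 0 if ambient caps are unsupported but none were requested, -EOPNOTSUPP if they were. */`, and reword the now-stale `or quit early` line. Because this path used to return 0, callers that relied on the silent skip (not visible in this hunk) presumably need to handle the new error and decide whether running without the requested capabilities is acceptable. The function body continues past the end of the hunk.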