From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 22 Aug 2024 16:20:38 +0000 (+0200)
Subject: main: generate warning when we cannot reset caps
X-Git-Tag: v257-rc1~645^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=88a26e10492c24a4208f3e74b9bcd002aceecf53;p=thirdparty%2Fsystemd.git

main: generate warning when we cannot reset caps

Follow-up for: #32937
---

diff --git a/src/core/main.c b/src/core/main.c
index 16ba8a5ebc9..6e1219eddb4 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2513,7 +2513,9 @@ static int initialize_runtime(
         /* Clear ambient capabilities, so services do not inherit them implicitly. Dropping them does
          * not affect the permitted and effective sets which are important for the manager itself to
          * operate. */
-        (void) capability_ambient_set_apply(0, /* also_inherit= */ false);
+        r = capability_ambient_set_apply(0, /* also_inherit= */ false);
+        if (r < 0)
+                log_warning_errno(r, "Failed to reset ambient capability set, ignoring: %m");
 
         if (arg_timer_slack_nsec != NSEC_INFINITY)
                 if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0)