From 88a26e10492c24a4208f3e74b9bcd002aceecf53 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 22 Aug 2024 18:20:38 +0200 Subject: [PATCH] main: generate warning when we cannot reset caps Follow-up for: #32937 --- src/core/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/core/main.c b/src/core/main.c index 16ba8a5ebc9..6e1219eddb4 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -2513,7 +2513,9 @@ static int initialize_runtime( /* Clear ambient capabilities, so services do not inherit them implicitly. Dropping them does * not affect the permitted and effective sets which are important for the manager itself to * operate. */ - (void) capability_ambient_set_apply(0, /* also_inherit= */ false); + r = capability_ambient_set_apply(0, /* also_inherit= */ false); + if (r < 0) + log_warning_errno(r, "Failed to reset ambient capability set, ignoring: %m"); if (arg_timer_slack_nsec != NSEC_INFINITY) if (prctl(PR_SET_TIMERSLACK, arg_timer_slack_nsec) < 0) -- 2.47.3