From c4c416b109387d06c4e0a69bb9c02326583130c6 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Wed, 31 Jul 2024 18:38:14 +0200
Subject: [PATCH] core: clean up ambient capability logging

Follow-up for e0ebc81b2d194206c519375394bd67baa19e67ce
---
 src/core/executor.c | 4 +++-
 src/core/main.c     | 5 +++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/core/executor.c b/src/core/executor.c
index acd0872d23e..23dcf6b57f7 100644
--- a/src/core/executor.c
+++ b/src/core/executor.c
@@ -210,7 +210,9 @@ static int run(int argc, char *argv[]) {
         /* Clear ambient capabilities, so services do not inherit them implicitly. Dropping them does
          * not affect the permitted and effective sets which are important for the executor itself to
          * operate. */
-        capability_ambient_set_apply(0, /* also_inherit= */ false);
+        r = capability_ambient_set_apply(0, /* also_inherit= */ false);
+        if (r < 0)
+                log_warning_errno(r, "Failed to clear ambient capabilities, ignoring: %m");
 
         /* This call would collect all passed fds and enable CLOEXEC. We'll unset it in exec_invoke (flag_fds)
          * for fds that shall be passed to the child.
diff --git a/src/core/main.c b/src/core/main.c
index 401e4b5b946..078b968ae4d 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2001,7 +2001,7 @@ static int do_reexecute(
 
         r = capability_ambient_set_apply(capability_ambient_set, /* also_inherit= */ false);
         if (r < 0)
-                log_error_errno(r, "Failed to apply the starting ambient set, ignoring: %m.");
+                log_warning_errno(r, "Failed to apply the starting ambient set, ignoring: %m");
 
         args_size = argc + 5;
         args = newa(const char*, args_size);
@@ -2383,6 +2383,7 @@ static int initialize_runtime(
 
         int r;
 
+        assert(original_ambient_set);
         assert(ret_error_message);
 
         /* Sets up various runtime parameters. Many of these initializations are conditionalized:
@@ -2506,7 +2507,7 @@ static int initialize_runtime(
          * Preserve the ambient set for later use with sd-executor processes. */
         r = capability_get_ambient(original_ambient_set);
         if (r < 0)
-                log_error_errno(r, "Failed to save ambient capabilities, ignoring: %m.");
+                log_warning_errno(r, "Failed to save ambient capabilities, ignoring: %m");
 
         /* Clear ambient capabilities, so services do not inherit them implicitly. Dropping them does
          * not affect the permitted and effective sets which are important for the manager itself to
-- 
2.47.3