}
int capability_quintet_enforce(const CapabilityQuintet *q) {
- _cleanup_cap_free_ cap_t c = NULL;
- bool need_set_proc_again = false;
+ _cleanup_cap_free_ cap_t c = NULL, modified = NULL;
int r;
if (q->ambient != (uint64_t) -1) {
}
if (changed) {
- _cleanup_cap_free_ cap_t modified = NULL;
-
/* In order to change the bounding caps, we need to keep CAP_SETPCAP for a bit
* longer. Let's add it to our list hence for now. */
if (q->bounding != (uint64_t) -1) {
* caps in inherited/permitted/effective anymore, but only lose them.*/
if (cap_set_proc(modified ?: c) < 0)
return -errno;
-
- need_set_proc_again = !!modified;
}
}
* we have already set only in the CAP_SETPCAP bit, which we needed for dropping the bounding
* bits. This call only undoes bits and doesn't acquire any which means the bounding caps don't
* matter. */
- if (need_set_proc_again)
+ if (modified)
if (cap_set_proc(c) < 0)
return -errno;
Settings *s = userdata;
/* If not specified, or set to true, we'll default to either an interactive or a read-only
- * console. If specifiy as false, we'll forcibly move to "pipe" mode though. */
+ * console. If specified as false, we'll forcibly move to "pipe" mode though. */
s->console_mode = json_variant_boolean(v) ? _CONSOLE_MODE_INVALID : CONSOLE_PIPE;
return 0;
}
return json_log(v, flags, SYNTHETIC_ERRNO(EINVAL),
"Executable name is empty, refusing.");
- strv_free_and_replace(*value, l);
- return 0;
+ return strv_free_and_replace(*value, l);
}
static int oci_rlimit_type(const char *name, JsonVariant *v, JsonDispatchFlags flags, void *userdata) {
projects / thirdparty / systemd.git / commitdiff
