From: Alan Jenkins Date: Mon, 27 Aug 2018 18:09:58 +0000 (+0100) Subject: resolve: update comment, avoid alarming wrongness X-Git-Tag: v240~783 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8f8112f916c68746c436c3e4314b226fee820f1e;p=thirdparty%2Fsystemd.git resolve: update comment, avoid alarming wrongness `systemd-resolved.service` runs as `User=systemd-resolved`, and uses certain Capabilit{y,ies} magic. By my understanding, this means it is started with a number of "privileges". Indeed, `capabilities(7)` explains > Linux divides the privileges traditionally > associated with superuser into distinct units, known as capabilities, > which can be independently enabled and disabled." This situation appears to contradict our current code comment which said > If we are not running as root we assume all privileges are already dropped. This appears to be a confusion in the comment only. The rest of the code tells a much clearer story. (Don't ask me if the story is correct. `capabilities(7)` scares me). Let's tweak the comment to make it consistent and avoid worrying readers about this. --- diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c index d4d6cba201a..fbae0b28be8 100644 --- a/src/resolve/resolved.c +++ b/src/resolve/resolved.c @@ -50,7 +50,7 @@ int main(int argc, char *argv[]) { goto finish; } - /* Drop privileges, but only if we have been started as root. If we are not running as root we assume all + /* Drop privileges, but only if we have been started as root. If we are not running as root we assume most * privileges are already dropped. */ if (getuid() == 0) {