diff options
| author | Lennart Poettering <lennart@poettering.net> | 2020-04-02 17:20:47 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2020-04-03 18:02:08 +0200 |
| commit | c4b23712634d020184393ba83451bd200a1e785f (patch) | |
| tree | e5c670ffd4872584338f1100e7dc69c271c73096 | |
| parent | e30934c80f8c690c77cd04d8f904a55ec474e888 (diff) | |
| download | systemd-c4b23712634d020184393ba83451bd200a1e785f.tar.gz | |
capability: don't skip ambient caps setup if we actually have something to set
Follow-up for 7ea4392f1e444388caa706d6bd64fb7b30dc2903
Let's not hide errors needlessly aggressively.
| -rw-r--r-- | src/basic/capability-util.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c index caffda62af..9dbebfa167 100644 --- a/src/basic/capability-util.c +++ b/src/basic/capability-util.c @@ -107,11 +107,13 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) { unsigned long i; int r; + /* Add the capabilities to the ambient set (an possibly also the inheritable set) */ + /* Check that we can use PR_CAP_AMBIENT or quit early. */ if (!ambient_capabilities_supported()) - return 0; - - /* Add the capabilities to the ambient set. */ + return (set & all_capabilities()) == 0 ? + 0 : -EOPNOTSUPP; /* if actually no ambient caps are to be set, be silent, + * otherwise fail recognizably */ if (also_inherit) { caps = cap_get_proc(); |