diff options
| author | Lennart Poettering <lennart@poettering.net> | 2019-03-21 13:55:09 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-03-21 13:55:09 +0100 |
| commit | c3d13d2ad5fd78a991b3e684fb3460dd7e8c7545 (patch) | |
| tree | 599f3fcff9fae3ad60d7a072fa27e0e1f8afc769 /src/basic | |
| parent | d0b6a10c005ab1fff44d032be995e3f2bcfba225 (diff) | |
| parent | 6757a0135675107576502a034c1068192f9d233d (diff) | |
| download | systemd-c3d13d2ad5fd78a991b3e684fb3460dd7e8c7545.tar.gz | |
Merge pull request #12058 from keszybz/oci-simplifications
Follow-ups for nspawn-oci review
Diffstat (limited to 'src/basic')
| -rw-r--r-- | src/basic/capability-util.c | 9 | ||||
| -rw-r--r-- | src/basic/string-util.h | 5 |
2 files changed, 7 insertions, 7 deletions
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c index 45fadb9faa..99628f6260 100644 --- a/src/basic/capability-util.c +++ b/src/basic/capability-util.c @@ -367,8 +367,7 @@ bool ambient_capabilities_supported(void) { } int capability_quintet_enforce(const CapabilityQuintet *q) { - _cleanup_cap_free_ cap_t c = NULL; - bool need_set_proc_again = false; + _cleanup_cap_free_ cap_t c = NULL, modified = NULL; int r; if (q->ambient != (uint64_t) -1) { @@ -493,8 +492,6 @@ int capability_quintet_enforce(const CapabilityQuintet *q) { } if (changed) { - _cleanup_cap_free_ cap_t modified = NULL; - /* In order to change the bounding caps, we need to keep CAP_SETPCAP for a bit * longer. Let's add it to our list hence for now. */ if (q->bounding != (uint64_t) -1) { @@ -522,8 +519,6 @@ int capability_quintet_enforce(const CapabilityQuintet *q) { * caps in inherited/permitted/effective anymore, but only lose them.*/ if (cap_set_proc(modified ?: c) < 0) return -errno; - - need_set_proc_again = !!modified; } } @@ -537,7 +532,7 @@ int capability_quintet_enforce(const CapabilityQuintet *q) { * we have already set only in the CAP_SETPCAP bit, which we needed for dropping the bounding * bits. This call only undoes bits and doesn't acquire any which means the bounding caps don't * matter. */ - if (need_set_proc_again) + if (modified) if (cap_set_proc(c) < 0) return -errno; diff --git a/src/basic/string-util.h b/src/basic/string-util.h index b0909dddca..9cf11198b1 100644 --- a/src/basic/string-util.h +++ b/src/basic/string-util.h @@ -180,6 +180,11 @@ char *strrep(const char *s, unsigned n); int split_pair(const char *s, const char *sep, char **l, char **r); int free_and_strdup(char **p, const char *s); +static inline int free_and_strdup_warn(char **p, const char *s) { + if (free_and_strdup(p, s) < 0) + return log_oom(); + return 0; +} int free_and_strndup(char **p, const char *s, size_t l); char *string_erase(char *x); |