diff options
author | Lennart Poettering <lennart@poettering.net> | 2023-02-20 12:53:26 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2023-02-20 16:49:45 +0100 |
commit | 3fd5190b5e0f2ba08b12cb53e3c27fc1e54a4496 (patch) | |
tree | 21ee28acaa802c7a16192541729f333eddcf2ad8 /src/core/main.c | |
parent | 6c5fff017ea460ecda9915654b4d2883fea04ba7 (diff) | |
download | systemd-3fd5190b5e0f2ba08b12cb53e3c27fc1e54a4496.tar.gz |
capability-util: add CAP_MASK_ALL + CAP_MASK_UNSET macros
We should be more careful with distinguishing the cases "all bits set in
caps mask" from "cap mask invalid". We so far mostly used UINT64_MAX for
both, which is not correct though (as it would mean
AmbientCapabilities=~0 followed by AmbientCapabilities=0) would result
in capability 63 to be set (which we don't really allow, since that
means unset).
Diffstat (limited to 'src/core/main.c')
-rw-r--r-- | src/core/main.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/main.c b/src/core/main.c index f28448f9e4..1af9b8b505 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -2458,7 +2458,7 @@ static void reset_arguments(void) { arg_manager_environment = strv_free(arg_manager_environment); rlimit_free_all(arg_default_rlimit); - arg_capability_bounding_set = CAP_ALL; + arg_capability_bounding_set = CAP_MASK_UNSET; arg_no_new_privs = false; arg_timer_slack_nsec = NSEC_INFINITY; arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE; |