capability-util: add CAP_MASK_ALL + CAP_MASK_UNSET macros

We should be more careful with distinguishing the cases "all bits set in caps mask" from "cap mask invalid". We so far mostly used UINT64_MAX for both, which is not correct though (as it would mean AmbientCapabilities=~0 followed by AmbientCapabilities=0) would result in capability 63 to be set (which we don't really allow, since that means unset).
author: Lennart Poettering <lennart@poettering.net> 2023-02-20 12:53:26 +0100
committer: Lennart Poettering <lennart@poettering.net> 2023-02-20 16:49:45 +0100
commit: 3fd5190b5e0f2ba08b12cb53e3c27fc1e54a4496 (patch)
tree: 21ee28acaa802c7a16192541729f333eddcf2ad8 /src/core/main.c
parent: 6c5fff017ea460ecda9915654b4d2883fea04ba7 (diff)
download: systemd-3fd5190b5e0f2ba08b12cb53e3c27fc1e54a4496.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/main.c b/src/core/main.c
index f28448f9e4..1af9b8b505 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2458,7 +2458,7 @@ static void reset_arguments(void) {
         arg_manager_environment = strv_free(arg_manager_environment);
         rlimit_free_all(arg_default_rlimit);
 
-        arg_capability_bounding_set = CAP_ALL;
+        arg_capability_bounding_set = CAP_MASK_UNSET;
         arg_no_new_privs = false;
         arg_timer_slack_nsec = NSEC_INFINITY;
         arg_default_timer_accuracy_usec = 1 * USEC_PER_MINUTE;
author	Lennart Poettering <lennart@poettering.net>	2023-02-20 12:53:26 +0100
committer	Lennart Poettering <lennart@poettering.net>	2023-02-20 16:49:45 +0100
commit	3fd5190b5e0f2ba08b12cb53e3c27fc1e54a4496 (patch)
tree	21ee28acaa802c7a16192541729f333eddcf2ad8 /src/core/main.c
parent	6c5fff017ea460ecda9915654b4d2883fea04ba7 (diff)
download	systemd-3fd5190b5e0f2ba08b12cb53e3c27fc1e54a4496.tar.gz