picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

util-lib: get rid of a helper variable

This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2019-03-21 11:08:09 +01:00
parent f1531db5af
commit 6757a01356
2 changed files with 4 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/basic/capability-util.c
View File

@ -367,8 +367,7 @@ bool ambient_capabilities_supported(void) {
}
int capability_quintet_enforce(const CapabilityQuintet *q) {
_cleanup_cap_free_ cap_t c = NULL;
bool need_set_proc_again = false;
_cleanup_cap_free_ cap_t c = NULL, modified = NULL;
int r;
if (q->ambient != (uint64_t) -1) {
@ -493,8 +492,6 @@ int capability_quintet_enforce(const CapabilityQuintet *q) {
}
if (changed) {
_cleanup_cap_free_ cap_t modified = NULL;
/* In order to change the bounding caps, we need to keep CAP_SETPCAP for a bit
* longer. Let's add it to our list hence for now. */
if (q->bounding != (uint64_t) -1) {
@ -522,8 +519,6 @@ int capability_quintet_enforce(const CapabilityQuintet *q) {
* caps in inherited/permitted/effective anymore, but only lose them.*/
if (cap_set_proc(modified ?: c) < 0)
return -errno;
need_set_proc_again = !!modified;
}
}
@ -537,7 +532,7 @@ int capability_quintet_enforce(const CapabilityQuintet *q) {
* we have already set only in the CAP_SETPCAP bit, which we needed for dropping the bounding
* bits. This call only undoes bits and doesn't acquire any which means the bounding caps don't
* matter. */
if (need_set_proc_again)
if (modified)
if (cap_set_proc(c) < 0)
return -errno;

5
src/nspawn/nspawn-oci.c
View File

@ -87,7 +87,7 @@ static int oci_terminal(const char *name, JsonVariant *v, JsonDispatchFlags flag
Settings *s = userdata;
/* If not specified, or set to true, we'll default to either an interactive or a read-only
* console. If specifiy as false, we'll forcibly move to "pipe" mode though. */
* console. If specified as false, we'll forcibly move to "pipe" mode though. */
s->console_mode = json_variant_boolean(v) ? _CONSOLE_MODE_INVALID : CONSOLE_PIPE;
return 0;
}
@ -194,8 +194,7 @@ static int oci_args(const char *name, JsonVariant *v, JsonDispatchFlags flags, v
return json_log(v, flags, SYNTHETIC_ERRNO(EINVAL),
"Executable name is empty, refusing.");
strv_free_and_replace(*value, l);
return 0;
return strv_free_and_replace(*value, l);
}
static int oci_rlimit_type(const char *name, JsonVariant *v, JsonDispatchFlags flags, void *userdata) {