picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

resolve: update comment, avoid alarming wrongness 

`systemd-resolved.service` runs as `User=systemd-resolved`, and uses certain
Capabilit{y,ies} magic. By my understanding, this means it is started with a
number of "privileges".  Indeed, `capabilities(7)` explains

> Linux divides  the  privileges  traditionally
> associated  with  superuser into distinct units, known as capabilities,
> which can be independently enabled and disabled."

This situation appears to contradict our current code comment which said

> If we are not running as root we assume all privileges are already dropped.

This appears to be a confusion in the comment only.  The rest of the code
tells a much clearer story.  (Don't ask me if the story is correct.
`capabilities(7)` scares me).  Let's tweak the comment to make it consistent
and avoid worrying readers about this.
This commit is contained in:
Alan Jenkins 2018-08-27 19:09:58 +01:00 committed by Zbigniew Jędrzejewski-Szmek
parent 9e2acd1d24
commit 8f8112f916
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/resolve/resolved.c
View File

@ -50,7 +50,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume all
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume most
* privileges are already dropped. */
if (getuid() == 0) {