From 8f8112f916c68746c436c3e4314b226fee820f1e Mon Sep 17 00:00:00 2001 From: Alan Jenkins Date: Mon, 27 Aug 2018 19:09:58 +0100 Subject: [PATCH] resolve: update comment, avoid alarming wrongness `systemd-resolved.service` runs as `User=systemd-resolved`, and uses certain Capabilit{y,ies} magic. By my understanding, this means it is started with a number of "privileges". Indeed, `capabilities(7)` explains > Linux divides the privileges traditionally > associated with superuser into distinct units, known as capabilities, > which can be independently enabled and disabled." This situation appears to contradict our current code comment which said > If we are not running as root we assume all privileges are already dropped. This appears to be a confusion in the comment only. The rest of the code tells a much clearer story. (Don't ask me if the story is correct. `capabilities(7)` scares me). Let's tweak the comment to make it consistent and avoid worrying readers about this. --- src/resolve/resolved.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c index d4d6cba201..fbae0b28be 100644 --- a/src/resolve/resolved.c +++ b/src/resolve/resolved.c @@ -50,7 +50,7 @@ int main(int argc, char *argv[]) { goto finish; } - /* Drop privileges, but only if we have been started as root. If we are not running as root we assume all + /* Drop privileges, but only if we have been started as root. If we are not running as root we assume most * privileges are already dropped. */ if (getuid() == 0) {
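Review bot: In the rewritten comment above `if (getuid() == 0)` in src/resolve/resolved.c, "most" is left undefined, so a reader still cannot tell which privileges the non-root path is expected to hold or who arranged them. The commit message says the unit runs with `User=systemd-resolved` plus capability settings, so the comment could say that directly, for example "If we are not running as root we assume the service manager has already set up our user and the capabilities we need". It would also help to note in the comment that the `getuid()` test looks at the UID only and says nothing about the capability sets, since that is the distinction that made the old wording alarming.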