resolve: update comment, avoid alarming wrongness
`systemd-resolved.service` runs as `User=systemd-resolved`, and uses certain Capabilit{y,ies} magic. By my understanding, this means it is started with a number of "privileges". Indeed, `capabilities(7)` explains > Linux divides the privileges traditionally > associated with superuser into distinct units, known as capabilities, > which can be independently enabled and disabled." This situation appears to contradict our current code comment which said > If we are not running as root we assume all privileges are already dropped. This appears to be a confusion in the comment only. The rest of the code tells a much clearer story. (Don't ask me if the story is correct. `capabilities(7)` scares me). Let's tweak the comment to make it consistent and avoid worrying readers about this.
This commit is contained in:
parent
9e2acd1d24
commit
8f8112f916
|
@ -50,7 +50,7 @@ int main(int argc, char *argv[]) {
|
||||||
goto finish;
|
goto finish;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume all
|
/* Drop privileges, but only if we have been started as root. If we are not running as root we assume most
|
||||||
* privileges are already dropped. */
|
* privileges are already dropped. */
|
||||||
if (getuid() == 0) {
|
if (getuid() == 0) {
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue