picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

shared: capability - don't loop over the cap bits if they are all unset

Browse source
This commit is contained in:
Tom Gundersen 2014-06-03 11:46:25 +02:00
parent ed617ec211
commit e5999b4679
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/shared/capability.c
View file

@ -264,11 +264,11 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
if (!d)
return log_oom();
for (i = 0; i < sizeof(keep_capabilities)*8; i++)
if (keep_capabilities & (1ULL << i))
bits[j++] = i;
if (keep_capabilities) {
for (i = 0; i < sizeof(keep_capabilities)*8; i++)
if (keep_capabilities & (1ULL << i))
bits[j++] = i;
if (cap_set_flag(d, CAP_EFFECTIVE, j, bits, CAP_SET) < 0 ||
cap_set_flag(d, CAP_PERMITTED, j, bits, CAP_SET) < 0) {
log_error("Failed to enable capabilities bits: %m");