mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-10-27 01:55:32 +03:00
basic: Fix capability_ambient_set_apply for kernels < 4.3
https://github.com/systemd/systemd/pull/14133 made capability_ambient_set_apply() acquire capabilities that were explicitly asked for and drop all others. This change means the function is called even with an empty capability set, opening up a code path for users without ambient capabilities to call this function. This function will error with EINVAL out on kernels < 4.3 because PR_CAP_AMBIENT is not understood. This turns capability_ambient_set_apply() into a noop for kernels < 4.3 Fixes https://github.com/systemd/systemd/issues/15225
This commit is contained in:
parent
3e118d135b
commit
7ea4392f1e
@ -107,6 +107,10 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
|
||||
unsigned long i;
|
||||
int r;
|
||||
|
||||
/* Check that we can use PR_CAP_AMBIENT or quit early. */
|
||||
if (!ambient_capabilities_supported())
|
||||
return 0;
|
||||
|
||||
/* Add the capabilities to the ambient set. */
|
||||
|
||||
if (also_inherit) {
|
||||
|
Loading…
Reference in New Issue
Block a user