authorHarald Hoyer <harald@redhat.com>2013-08-30 10:23:50 +0200
committerHarald Hoyer <harald@redhat.com>2013-08-30 10:26:49 +0200
commit31c885e9ae53f4b88a36452c4ca10643fdd0fd06 (patch)
tree8979d734e9f398ca2a1e68f0b3e9b9159be016d9
parentb534166eaec8fef9902a68f75cab8eeae458b23c (diff)
main: drop capabilities of userhelpers before ours
First drop the capabilities of the userhelpers before dropping our own; otherwise we might no longer be allowed to drop the capabilities of the userhelpers, especially if we want to drop CAP_SYS_MODULE. Credits: Matteo Sasso
-rw-r--r--src/core/main.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/core/main.c b/src/core/main.c
index 0178f10720..72bd542af0 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1509,14 +1509,14 @@ int main(int argc, char *argv[]) {
log_error("Failed to adjust timer slack: %m");
if (arg_capability_bounding_set_drop) {
- r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
+ r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
if (r < 0) {
- log_error("Failed to drop capability bounding set: %s", strerror(-r));
+ log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
goto finish;
}
- r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
+ r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
if (r < 0) {
- log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
+ log_error("Failed to drop capability bounding set: %s", strerror(-r));
goto finish;
}
}
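Review bot: The order of the two calls inside `if (arg_capability_bounding_set_drop)` is now load-bearing for privilege dropping, but nothing in the code records why, so a later cleanup could swap them back. Going by the commit message, once `capability_bounding_set_drop(..., true)` has removed something like CAP_SYS_MODULE from our own set, the helper bounding set presumably can no longer be changed. I would add a comment above the first call, such as `/* Drop the usermode helpers' bounding set first: after our own set is reduced (e.g. CAP_SYS_MODULE) we may no longer be permitted to change theirs. */`. main() starts and ends outside this hunk, so I could not check whether anything earlier in it already reduces our capabilities.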