capabilities: keep bounding set in non-inverted format.

Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
author: Ismo Puustinen <ismo.puustinen@intel.com> 2016-01-08 00:00:04 +0200
committer: Ismo Puustinen <ismo.puustinen@intel.com> 2016-01-12 12:14:50 +0200
commit: a103496ca585e22bb5e386e3238b468d133f5659 (patch)
tree: 7d9b33722f54c969fc145f7d5fe31afe13aff09c /src/core/execute.h
parent: f466acdc633fc496961eff0c7f66501f4588e5b6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/execute.h b/src/core/execute.h
index be5be9f531..9d2cdb8728 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -155,7 +155,7 @@ struct ExecContext {
         char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
         unsigned long mount_flags;
 
-        uint64_t capability_bounding_set_drop;
+        uint64_t capability_bounding_set;
 
         cap_t capabilities;
         int secure_bits;
author	Ismo Puustinen <ismo.puustinen@intel.com>	2016-01-08 00:00:04 +0200
committer	Ismo Puustinen <ismo.puustinen@intel.com>	2016-01-12 12:14:50 +0200
commit	a103496ca585e22bb5e386e3238b468d133f5659 (patch)
tree	7d9b33722f54c969fc145f7d5fe31afe13aff09c /src/core/execute.h
parent	f466acdc633fc496961eff0c7f66501f4588e5b6 (diff)