capabilities: keep bounding set in non-inverted format.

Change the capability bounding set parser and logic so that the bounding set is kept as a positive set internally. This means that the set reflects those capabilities that we want to keep instead of drop.
author: Ismo Puustinen <ismo.puustinen@intel.com> 2016-01-08 00:00:04 +0200
committer: Ismo Puustinen <ismo.puustinen@intel.com> 2016-01-12 12:14:50 +0200
commit: a103496ca585e22bb5e386e3238b468d133f5659 (patch)
tree: 7d9b33722f54c969fc145f7d5fe31afe13aff09c /src/core/unit.c
parent: f466acdc633fc496961eff0c7f66501f4588e5b6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/unit.c b/src/core/unit.c
index b977ac7f0c..e1bc6c75cb 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3231,7 +3231,7 @@ int unit_patch_contexts(Unit *u) {
                         ec->no_new_privileges = true;
 
                 if (ec->private_devices)
-                        ec->capability_bounding_set_drop |= (uint64_t) 1ULL << (uint64_t) CAP_MKNOD;
+                        ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_MKNOD);
         }
 
         cc = unit_get_cgroup_context(u);
author	Ismo Puustinen <ismo.puustinen@intel.com>	2016-01-08 00:00:04 +0200
committer	Ismo Puustinen <ismo.puustinen@intel.com>	2016-01-12 12:14:50 +0200
commit	a103496ca585e22bb5e386e3238b468d133f5659 (patch)
tree	7d9b33722f54c969fc145f7d5fe31afe13aff09c /src/core/unit.c
parent	f466acdc633fc496961eff0c7f66501f4588e5b6 (diff)