exec: properly apply capability bounding set, add inverted bounding sets

author: Lennart Poettering <lennart@poettering.net> 2011-03-18 03:13:15 +0100
committer: Lennart Poettering <lennart@poettering.net> 2011-03-18 04:52:45 +0100
commit: 260abb780a135e4cae8c10715c7e85675efc345a (patch)
tree: a21a20d20b33ea05c68442b9970e0b6d9a02434e /src/dbus-execute.c
parent: 893844ed434e35e6227e0b17c16b7047360170e2 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/src/dbus-execute.c b/src/dbus-execute.c
index 504651fc9f..35e6d377ee 100644
--- a/src/dbus-execute.c
+++ b/src/dbus-execute.c
@@ -234,6 +234,24 @@ int bus_execute_append_timer_slack_nsec(Manager *m, DBusMessageIter *i, const ch
         return 0;
 }
 
+int bus_execute_append_capability_bs(Manager *m, DBusMessageIter *i, const char *property, void *data) {
+        ExecContext *c = data;
+        uint64_t normal, inverted;
+
+        assert(m);
+        assert(i);
+        assert(property);
+        assert(c);
+
+        /* We store this negated internally, to match the kernel, bu
+         * we expose it normalized. */
+
+        normal = *(uint64_t*) data;
+        inverted = ~normal;
+
+        return bus_property_append_uint64(m, i, property, &inverted);
+}
+
 int bus_execute_append_capabilities(Manager *m, DBusMessageIter *i, const char *property, void *data) {
         ExecContext *c = data;
         char *t = NULL;
author	Lennart Poettering <lennart@poettering.net>	2011-03-18 03:13:15 +0100
committer	Lennart Poettering <lennart@poettering.net>	2011-03-18 04:52:45 +0100
commit	260abb780a135e4cae8c10715c7e85675efc345a (patch)
tree	a21a20d20b33ea05c68442b9970e0b6d9a02434e /src/dbus-execute.c
parent	893844ed434e35e6227e0b17c16b7047360170e2 (diff)