Merge pull request #2265 from ipuustin/ambient

capabilities: added support for ambient capabilities.
author: Lennart Poettering <lennart@poettering.net> 2016-01-12 15:16:24 +0100
committer: Lennart Poettering <lennart@poettering.net> 2016-01-12 15:16:24 +0100
commit: 1f52a79d4eb0216bf1f2d96539609f02d8bb9e71 (patch)
tree: d175e992048df607a2e851d51ca738e4f0e53d38 /src/import
parent: 4a6a24be180337f405591c7fa4fa112a765c53bb (diff)
parent: ece87975a97509b48a01b1e3da2e99c1c7dfd77a (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/import/import-common.c b/src/import/import-common.c
index a8551ca9e8..8a48bd7bf9 100644
--- a/src/import/import-common.c
+++ b/src/import/import-common.c
@@ -134,7 +134,7 @@ int import_fork_tar_x(const char *path, pid_t *ret) {
                 if (unshare(CLONE_NEWNET) < 0)
                         log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
 
-                r = capability_bounding_set_drop(~retain, true);
+                r = capability_bounding_set_drop(retain, true);
                 if (r < 0)
                         log_error_errno(r, "Failed to drop capabilities, ignoring: %m");
 
@@ -208,7 +208,7 @@ int import_fork_tar_c(const char *path, pid_t *ret) {
                 if (unshare(CLONE_NEWNET) < 0)
                         log_error_errno(errno, "Failed to lock tar into network namespace, ignoring: %m");
 
-                r = capability_bounding_set_drop(~retain, true);
+                r = capability_bounding_set_drop(retain, true);
                 if (r < 0)
                         log_error_errno(r, "Failed to drop capabilities, ignoring: %m");
author	Lennart Poettering <lennart@poettering.net>	2016-01-12 15:16:24 +0100
committer	Lennart Poettering <lennart@poettering.net>	2016-01-12 15:16:24 +0100
commit	1f52a79d4eb0216bf1f2d96539609f02d8bb9e71 (patch)
tree	d175e992048df607a2e851d51ca738e4f0e53d38 /src/import
parent	4a6a24be180337f405591c7fa4fa112a765c53bb (diff)
parent	ece87975a97509b48a01b1e3da2e99c1c7dfd77a (diff)