shared: capability - don't loop over the cap bits if they are all unset

author: Tom Gundersen <teg@jklm.no> 2014-06-03 11:46:25 +0200
committer: Tom Gundersen <teg@jklm.no> 2014-06-03 11:46:25 +0200
commit: e5999b46792b859043a62431d426a280f26a16d7 (patch)
tree: 774d52e6123494291c3c55ce5f6bddf12adca04d /src/shared/capability.c
parent: ed617ec21117874094ae7eeca978e2897da36ba5 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/src/shared/capability.c b/src/shared/capability.c
index 58270ad8cc..439aac7eaa 100644
--- a/src/shared/capability.c
+++ b/src/shared/capability.c
@@ -264,11 +264,11 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
         if (!d)
                 return log_oom();
 
-        for (i = 0; i < sizeof(keep_capabilities)*8; i++)
-                if (keep_capabilities & (1ULL << i))
-                        bits[j++] = i;
-
         if (keep_capabilities) {
+                for (i = 0; i < sizeof(keep_capabilities)*8; i++)
+                        if (keep_capabilities & (1ULL << i))
+                                bits[j++] = i;
+
                 if (cap_set_flag(d, CAP_EFFECTIVE, j, bits, CAP_SET) < 0 ||
                     cap_set_flag(d, CAP_PERMITTED, j, bits, CAP_SET) < 0) {
                         log_error("Failed to enable capabilities bits: %m");
author	Tom Gundersen <teg@jklm.no>	2014-06-03 11:46:25 +0200
committer	Tom Gundersen <teg@jklm.no>	2014-06-03 11:46:25 +0200
commit	e5999b46792b859043a62431d426a280f26a16d7 (patch)
tree	774d52e6123494291c3c55ce5f6bddf12adca04d /src/shared/capability.c
parent	ed617ec21117874094ae7eeca978e2897da36ba5 (diff)