8 files changed, 39 insertions, 19 deletions

diff --git a/src/nspawn/nspawn-cgroup.c b/src/nspawn/nspawn-cgroup.c
index 4e86ed13cb..270bcf010f 100644
--- a/src/nspawn/nspawn-cgroup.c
+++ b/src/nspawn/nspawn-cgroup.c
@@ -21,6 +21,7 @@
 
 #include <sys/mount.h>
 
+#include "alloc-util.h"
 #include "cgroup-util.h"
 #include "fd-util.h"
 #include "fileio.h"
diff --git a/src/nspawn/nspawn-expose-ports.c b/src/nspawn/nspawn-expose-ports.c
index 98e4a7682f..38245434da 100644
--- a/src/nspawn/nspawn-expose-ports.c
+++ b/src/nspawn/nspawn-expose-ports.c
@@ -21,12 +21,14 @@
 
 #include "sd-netlink.h"
 
+#include "alloc-util.h"
 #include "fd-util.h"
 #include "firewall-util.h"
 #include "in-addr-util.h"
 #include "local-addresses.h"
 #include "netlink-util.h"
 #include "nspawn-expose-ports.h"
+#include "parse-util.h"
 #include "socket-util.h"
 #include "string-util.h"
 #include "util.h"
diff --git a/src/nspawn/nspawn-mount.c b/src/nspawn/nspawn-mount.c
index 25457fd62d..ee61306aa5 100644
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@@ -22,17 +22,23 @@
 #include <sys/mount.h>
 #include <linux/magic.h>
 
+#include "alloc-util.h"
 #include "cgroup-util.h"
 #include "escape.h"
+#include "fs-util.h"
 #include "label.h"
 #include "mkdir.h"
+#include "mount-util.h"
+#include "nspawn-mount.h"
+#include "parse-util.h"
 #include "path-util.h"
 #include "rm-rf.h"
 #include "set.h"
+#include "stat-util.h"
 #include "string-util.h"
 #include "strv.h"
+#include "user-util.h"
 #include "util.h"
-#include "nspawn-mount.h"
 
 CustomMount* custom_mount_add(CustomMount **l, unsigned *n, CustomMountType t) {
         CustomMount *c, *ret;
diff --git a/src/nspawn/nspawn-network.c b/src/nspawn/nspawn-network.c
index 4af18a4e94..29384b60b2 100644
--- a/src/nspawn/nspawn-network.c
+++ b/src/nspawn/nspawn-network.c
@@ -26,6 +26,7 @@
 #include "sd-id128.h"
 #include "sd-netlink.h"
 
+#include "alloc-util.h"
 #include "ether-addr-util.h"
 #include "netlink-util.h"
 #include "siphash24.h"
diff --git a/src/nspawn/nspawn-register.c b/src/nspawn/nspawn-register.c
index b2776a61c2..7139ad9958 100644
--- a/src/nspawn/nspawn-register.c
+++ b/src/nspawn/nspawn-register.c
@@ -21,12 +21,12 @@
 
 #include "sd-bus.h"
 
-#include "util.h"
-#include "strv.h"
-#include "bus-util.h"
 #include "bus-error.h"
-
+#include "bus-util.h"
 #include "nspawn-register.h"
+#include "stat-util.h"
+#include "strv.h"
+#include "util.h"
 
 int register_machine(
                 const char *machine_name,
diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c
index f088884776..6885d0641e 100644
--- a/src/nspawn/nspawn-settings.c
+++ b/src/nspawn/nspawn-settings.c
@@ -19,12 +19,13 @@
   along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/
 
-#include "util.h"
-#include "conf-parser.h"
-#include "strv.h"
+#include "alloc-util.h"
 #include "cap-list.h"
-
+#include "conf-parser.h"
 #include "nspawn-settings.h"
+#include "process-util.h"
+#include "strv.h"
+#include "util.h"
 
 int settings_load(FILE *f, const char *path, Settings **ret) {
         _cleanup_(settings_freep) Settings *s = NULL;
diff --git a/src/nspawn/nspawn-setuid.c b/src/nspawn/nspawn-setuid.c
index 6b4ca5a3f3..aa6a16309c 100644
--- a/src/nspawn/nspawn-setuid.c
+++ b/src/nspawn/nspawn-setuid.c
@@ -23,6 +23,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include "alloc-util.h"
 #include "fd-util.h"
 #include "mkdir.h"
 #include "nspawn-setuid.h"
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 6502fe1943..ff12ca6498 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -46,12 +46,13 @@
 #include "sd-daemon.h"
 #include "sd-id128.h"
 
+#include "alloc-util.h"
 #include "barrier.h"
 #include "base-filesystem.h"
 #include "blkid-util.h"
 #include "btrfs-util.h"
 #include "cap-list.h"
-#include "capability.h"
+#include "capability-util.h"
 #include "cgroup-util.h"
 #include "copy.h"
 #include "dev-setup.h"
@@ -61,6 +62,7 @@
 #include "fdset.h"
 #include "fileio.h"
 #include "formats-util.h"
+#include "fs-util.h"
 #include "gpt.h"
 #include "hostname-util.h"
 #include "log.h"
@@ -69,6 +71,7 @@
 #include "macro.h"
 #include "missing.h"
 #include "mkdir.h"
+#include "mount-util.h"
 #include "netlink-util.h"
 #include "nspawn-cgroup.h"
 #include "nspawn-expose-ports.h"
@@ -77,6 +80,7 @@
 #include "nspawn-register.h"
 #include "nspawn-settings.h"
 #include "nspawn-setuid.h"
+#include "parse-util.h"
 #include "path-util.h"
 #include "process-util.h"
 #include "ptyfwd.h"
@@ -87,10 +91,13 @@
 #endif
 #include "signal-util.h"
 #include "socket-util.h"
+#include "stat-util.h"
+#include "stdio-util.h"
 #include "string-util.h"
 #include "strv.h"
 #include "terminal-util.h"
 #include "udev-util.h"
+#include "umask-util.h"
 #include "user-util.h"
 #include "util.h"
 
@@ -380,6 +387,7 @@ static int parse_argv(int argc, char *argv[]) {
         };
 
         int c, r;
+        const char *p;
         uint64_t plus = 0, minus = 0;
         bool mask_all_settings = false, mask_no_settings = false;
 
@@ -517,15 +525,16 @@ static int parse_argv(int argc, char *argv[]) {
 
                 case ARG_CAPABILITY:
                 case ARG_DROP_CAPABILITY: {
-                        const char *state, *word;
-                        size_t length;
+                        p = optarg;
+                        for(;;) {
+                                _cleanup_free_ char *t = NULL;
 
-                        FOREACH_WORD_SEPARATOR(word, length, optarg, ",", state) {
-                                _cleanup_free_ char *t;
+                                r = extract_first_word(&p, &t, ",", 0);
+                                if (r < 0)
+                                        return log_error_errno(r, "Failed to parse capability %s.", t);
 
-                                t = strndup(word, length);
-                                if (!t)
-                                        return log_oom();
+                                if (r == 0)
+                                        break;
 
                                 if (streq(t, "all")) {
                                         if (c == ARG_CAPABILITY)
@@ -3218,8 +3227,7 @@ int main(int argc, char *argv[]) {
         }
 
         for (;;) {
-                _cleanup_close_pair_ int kmsg_socket_pair[2] = { -1, -1 }, rtnl_socket_pair[2] = { -1, -1 }, pid_socket_pair[2] = { -1, -1 },
-                                         uid_shift_socket_pair[2] = { -1, -1 };
+                _cleanup_close_pair_ int kmsg_socket_pair[2] = { -1, -1 }, rtnl_socket_pair[2] = { -1, -1 }, pid_socket_pair[2] = { -1, -1 }, uid_shift_socket_pair[2] = { -1, -1 };
                 ContainerStatus container_status;
                 _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL;
                 static const struct sigaction sa = {