From a103496ca585e22bb5e386e3238b468d133f5659 Mon Sep 17 00:00:00 2001
From: Ismo Puustinen <ismo.puustinen@intel.com>
Date: Fri, 8 Jan 2016 00:00:04 +0200
Subject: capabilities: keep bounding set in non-inverted format.

Change the capability bounding set parser and logic so that the bounding
set is kept as a positive set internally. This means that the set
reflects those capabilities that we want to keep instead of drop.
---
 src/core/execute.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/core/execute.h')

diff --git a/src/core/execute.h b/src/core/execute.h
index be5be9f531..9d2cdb8728 100644
--- a/src/core/execute.h
+++ b/src/core/execute.h
@@ -155,7 +155,7 @@ struct ExecContext {
         char **read_write_dirs, **read_only_dirs, **inaccessible_dirs;
         unsigned long mount_flags;
 
-        uint64_t capability_bounding_set_drop;
+        uint64_t capability_bounding_set;
 
         cap_t capabilities;
         int secure_bits;
-- 
cgit v1.2.3-54-g00ecf