From a103496ca585e22bb5e386e3238b468d133f5659 Mon Sep 17 00:00:00 2001
From: Ismo Puustinen <ismo.puustinen@intel.com>
Date: Fri, 8 Jan 2016 00:00:04 +0200
Subject: capabilities: keep bounding set in non-inverted format.

Change the capability bounding set parser and logic so that the bounding
set is kept as a positive set internally. This means that the set
reflects those capabilities that we want to keep instead of drop.
---
 src/core/unit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/core/unit.c')

diff --git a/src/core/unit.c b/src/core/unit.c
index b977ac7f0c..e1bc6c75cb 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3231,7 +3231,7 @@ int unit_patch_contexts(Unit *u) {
                         ec->no_new_privileges = true;
 
                 if (ec->private_devices)
-                        ec->capability_bounding_set_drop |= (uint64_t) 1ULL << (uint64_t) CAP_MKNOD;
+                        ec->capability_bounding_set &= ~(UINT64_C(1) << CAP_MKNOD);
         }
 
         cc = unit_get_cgroup_context(u);
-- 
cgit v1.2.3-54-g00ecf