From d91c34f21ff7445dcee3efe2368aebe2d6c266db Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 22 Mar 2013 23:25:54 +0100
Subject: exec: Assigning the empty string to CapabilityBoundSet= should drop
 all caps

Previously, it would set all caps, but it should drop them all, anything
else makes little sense.

Also, document that this works as it does, and what to do in order to
assign all caps to the bounding set.

https://bugzilla.redhat.com/show_bug.cgi?id=914705
---
 src/core/load-fragment.c | 6 ------
 src/core/unit.c          | 9 ++++++++-
 2 files changed, 8 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 2204c67a4b..6d90428af0 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -889,12 +889,6 @@ int config_parse_bounding_set(
         assert(rvalue);
         assert(data);
 
-        if (isempty(rvalue)) {
-                /* An empty assignment resets */
-                *capability_bounding_set_drop = 0;
-                return 0;
-        }
-
         if (rvalue[0] == '~') {
                 invert = true;
                 rvalue++;
diff --git a/src/core/unit.c b/src/core/unit.c
index a1249dc093..d43558e6df 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -2645,7 +2645,14 @@ int unit_kill(Unit *u, KillWho w, int signo, DBusError *error) {
         return UNIT_VTABLE(u)->kill(u, w, signo, error);
 }
 
-int unit_kill_common(Unit *u, KillWho who, int signo, pid_t main_pid, pid_t control_pid, DBusError *error) {
+int unit_kill_common(
+                Unit *u,
+                KillWho who,
+                int signo,
+                pid_t main_pid,
+                pid_t control_pid,
+                DBusError *error) {
+
         int r = 0;
 
         if (who == KILL_MAIN && main_pid <= 0) {
-- 
cgit v1.2.3-54-g00ecf