[systemd-commits] src/core

Harald Hoyer harald at kemper.freedesktop.org
Fri Aug 30 01:26:55 PDT 2013


 src/core/main.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

New commits:
commit 31c885e9ae53f4b88a36452c4ca10643fdd0fd06
Author: Harald Hoyer <harald at redhat.com>
Date:   Fri Aug 30 10:23:50 2013 +0200

    main: drop capabilities of userhelpers before ours
    
    Drop the capabilities of the userhelpers first, before dropping our own;
    otherwise we might not be allowed to drop the capabilities of the
    userhelpers, especially if we want to drop CAP_SYS_MODULE.
    
    Credits: Matteo Sasso

diff --git a/src/core/main.c b/src/core/main.c
index 0178f10..72bd542 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1509,14 +1509,14 @@ int main(int argc, char *argv[]) {
                         log_error("Failed to adjust timer slack: %m");
 
         if (arg_capability_bounding_set_drop) {
-                r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
+                r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
                 if (r < 0) {
-                        log_error("Failed to drop capability bounding set: %s", strerror(-r));
+                        log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
                         goto finish;
                 }
-                r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
+                r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
                 if (r < 0) {
-                        log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
+                        log_error("Failed to drop capability bounding set: %s", strerror(-r));
                         goto finish;
                 }
         }
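Review bot: The order of the two calls inside `if (arg_capability_bounding_set_drop)` is now load-bearing, but nothing in the code says so, and a later cleanup could swap them back without anyone noticing. According to the commit message, dropping our own bounding set first can leave us unable to restrict the usermode helpers (CAP_SYS_MODULE is the case it names), so the ordering is a privilege-reduction invariant rather than a matter of taste. I would add a comment above the first call, e.g. `/* Restrict the usermode helpers before ourselves: once our own bounding set is dropped we may no longer be permitted to change theirs (e.g. after dropping CAP_SYS_MODULE). */`. Both error paths still log and `goto finish`, which looks right; main() begins and ends outside this hunk, so what `finish` does on this path cannot be checked from here.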


