[systemd-commits] man/systemd-nspawn.xml src/nspawn
Lennart Poettering
lennart at kemper.freedesktop.org
Thu Feb 13 02:45:48 CET 2014
man/systemd-nspawn.xml | 7 +++++--
src/nspawn/nspawn.c | 28 ++++++++++++++++------------
2 files changed, 21 insertions(+), 14 deletions(-)
New commits:
commit 39ed67d14694983dabd6641c02216aa440eed767
Author: Lennart Poettering <lennart at poettering.net>
Date: Thu Feb 13 02:45:11 2014 +0100
nspawn: introduce --capability=all for retaining all capabilities
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index 8f92b84..ba2c5a4 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -310,8 +310,11 @@
CAP_SYS_CHROOT, CAP_SYS_NICE,
CAP_SYS_PTRACE, CAP_SYS_TTY_CONFIG,
CAP_SYS_RESOURCE, CAP_SYS_BOOT,
- CAP_AUDIT_WRITE,
- CAP_AUDIT_CONTROL.</para></listitem>
+ CAP_AUDIT_WRITE, CAP_AUDIT_CONTROL. If
+ the special value
+ <literal>all</literal> is passed all
+ capabilities are
+ retained.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index d5add4a..0b25334 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -300,25 +300,29 @@ static int parse_argv(int argc, char *argv[]) {
size_t length;
FOREACH_WORD_SEPARATOR(word, length, optarg, ",", state) {
+ _cleanup_free_ char *t;
cap_value_t cap;
- char *t;
t = strndup(word, length);
if (!t)
return log_oom();
- if (cap_from_name(t, &cap) < 0) {
- log_error("Failed to parse capability %s.", t);
- free(t);
- return -EINVAL;
+ if (streq(t, "all")) {
+ if (c == ARG_CAPABILITY)
+ arg_retain = (uint64_t) -1;
+ else
+ arg_retain = 0;
+ } else {
+ if (cap_from_name(t, &cap) < 0) {
+ log_error("Failed to parse capability %s.", t);
+ return -EINVAL;
+ }
+
+ if (c == ARG_CAPABILITY)
+ arg_retain |= 1ULL << (uint64_t) cap;
+ else
+ arg_retain &= ~(1ULL << (uint64_t) cap);
}
-
- free(t);
-
- if (c == ARG_CAPABILITY)
- arg_retain |= 1ULL << (uint64_t) cap;
- else
- arg_retain &= ~(1ULL << (uint64_t) cap);
}
break;
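Review bot: The special value `all` is also accepted for --drop-capability, where the new branch `arg_retain = 0;` clears the whole retain mask, but the man page hunk in this commit documents `all` only for --capability; either extend the entry (`If the special value all is passed to --drop-capability, all capabilities are dropped`) or reject it in the ARG_DROP_CAPABILITY case so a container cannot silently lose every capability it needs to boot. Note also that `(uint64_t) -1` sets bits for capabilities this build does not know about, so whatever later applies arg_retain presumably has to mask it against the kernel's capability bound; if it does not, newly added kernel capabilities would be retained by default. Since `all` now resets the mask rather than adding to it, option order on the command line decides the result (`--drop-capability=all --capability=CAP_X` keeps CAP_X, the reverse keeps nothing), which deserves a comment above the `streq(t, "all")` check, e.g. `/* "all" replaces the mask accumulated so far; later options still apply on top */`. The declaration and assignment could be merged as `_cleanup_free_ char *t = strndup(word, length);` in the file's usual style. parse_argv starts before and continues after this hunk.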