teknoraver / rpms / systemd

Forked from rpms/systemd 2 months ago
Clone

Blame SOURCES/0430-core-fix-CapabilityBoundingSet-merging.patch

923a60
From 5c7d92d36bd1b608ccba0adc3fdc5446e6575623 Mon Sep 17 00:00:00 2001
923a60
From: Evgeny Vereshchagin <evvers@ya.ru>
923a60
Date: Tue, 27 Oct 2015 14:40:28 +0300
923a60
Subject: [PATCH] core: fix CapabilityBoundingSet merging
923a60
923a60
Fixes: #1221
923a60
923a60
Cherry-picked from: b9d345b
923a60
Resolves: #1409586
923a60
---
923a60
 src/core/load-fragment.c | 8 +++++---
923a60
 1 file changed, 5 insertions(+), 3 deletions(-)
923a60
923a60
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
923a60
index 4fecb83142..90d42b002f 100644
923a60
--- a/src/core/load-fragment.c
923a60
+++ b/src/core/load-fragment.c
923a60
@@ -1027,6 +1027,7 @@ int config_parse_bounding_set(const char *unit,
923a60
                               void *userdata) {
923a60
 
923a60
         uint64_t *capability_bounding_set_drop = data;
923a60
+        uint64_t capability_bounding_set;
923a60
         const char *word, *state;
923a60
         size_t l;
923a60
         bool invert = false;
923a60
@@ -1067,10 +1068,11 @@ int config_parse_bounding_set(const char *unit,
923a60
                 log_syntax(unit, LOG_ERR, filename, line, EINVAL,
923a60
                            "Trailing garbage, ignoring.");
923a60
 
923a60
-        if (invert)
923a60
-                *capability_bounding_set_drop |= sum;
923a60
+        capability_bounding_set = invert ? ~sum : sum;
923a60
+        if (*capability_bounding_set_drop)
923a60
+                *capability_bounding_set_drop = ~(~*capability_bounding_set_drop | capability_bounding_set);
923a60
         else
923a60
-                *capability_bounding_set_drop |= ~sum;
923a60
+                *capability_bounding_set_drop = ~capability_bounding_set;
923a60
 
923a60
         return 0;
923a60
 }