Only drop the capabilities from the bounding set if we are running as PID1 (#6204)
author Lennart Poettering <lennart@poettering.net>
Wed, 28 Jun 2017 17:29:45 +0000 (19:29 +0200)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 28 Jun 2017 17:29:45 +0000 (13:29 -0400)
commit 0d787d5ff812bc038384ff39f8b1d64f6c2ed13f
tree 63e0fbd230b0736f630c4be1e5d437af07f43aa7
parent 1f47f5504c3ecf62afc6511a48886232f39431ab

The CapabilityBoundingSet option only makes sense if we are running as
PID1.

The system.conf.d(5) manpage already states that the CapabilityBoundingSet
option:
  Controls which capabilities to include in the capability bounding set
  for PID 1 and its children.

https://github.com/systemd/systemd/issues/6080
src/core/main.c