diff options
| author | Lennart Poettering <lennart@poettering.net> | 2016-10-06 17:54:12 +0200 |
|---|---|---|
| committer | Sven Eden <yamakuzure@gmx.net> | 2017-07-05 08:50:54 +0200 |
| commit | 98882279e46c4a4776d68872340f636bd1ec1863 (patch) | |
| tree | e1c18d804ed1eada4cfb9f0456c4e036c29d3231 /src/basic/capability-util.c | |
| parent | 26e777ad8e15ff57aed603ce37e18e9b46384e06 (diff) | |
user-util: rework maybe_setgroups() a bit
Let's drop the caching of the setgroups /proc field for now. While there's a
strict regime in place when it changes states, let's better not cache it since
we cannot really be sure we follow that regime correctly.
More importantly however, this is not in performance sensitive code, and
there's no indication the cache is really beneficial, hence let's drop the
caching and make things a bit simpler.
Also, while we are at it, rework the error handling a bit, and always return
negative errno-style error codes, following our usual coding style. This has
the benefit that we can sensible hanld read_one_line_file() errors, without
having to updat errno explicitly.
Diffstat (limited to 'src/basic/capability-util.c')
| -rw-r--r-- | src/basic/capability-util.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c index 383f1137e..4a78b14d8 100644 --- a/src/basic/capability-util.c +++ b/src/basic/capability-util.c @@ -298,8 +298,9 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) { if (setresgid(gid, gid, gid) < 0) return log_error_errno(errno, "Failed to change group ID: %m"); - if (maybe_setgroups(0, NULL) < 0) - return log_error_errno(errno, "Failed to drop auxiliary groups list: %m"); + r = maybe_setgroups(0, NULL); + if (r < 0) + return log_error_errno(r, "Failed to drop auxiliary groups list: %m"); /* Ensure we keep the permitted caps across the setresuid() */ if (prctl(PR_SET_KEEPCAPS, 1) < 0) |