diff options
| author | Lennart Poettering <lennart@poettering.net> | 2019-06-20 14:44:47 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2019-06-20 14:55:24 +0200 |
| commit | 4a33a02e994c8002a7eac75c02494becb1a4d4f8 (patch) | |
| tree | 7aa8fe81ee013026b79c5c7a76cb1f42b4368c55 /src/basic/capability-util.c | |
| parent | units: deny access to block devices (diff) | |
| download | systemd-4a33a02e994c8002a7eac75c02494becb1a4d4f8.tar.xz systemd-4a33a02e994c8002a7eac75c02494becb1a4d4f8.zip | |
capability: fix loops for cap_last_cap()
cap_last_cap() returns the last valid cap (instead of the number of
valid caps). to iterate through all known caps we hence need to use a <=
check, and not a < check like for all other cases. We got this right
usually, but in three cases we did not.
Diffstat (limited to 'src/basic/capability-util.c')
| -rw-r--r-- | src/basic/capability-util.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c index 2a9c3b80f8..e3ed14f806 100644 --- a/src/basic/capability-util.c +++ b/src/basic/capability-util.c @@ -90,7 +90,7 @@ int capability_update_inherited_set(cap_t caps, uint64_t set) { /* Add capabilities in the set to the inherited caps. Do not apply * them yet. */ - for (i = 0; i < cap_last_cap(); i++) { + for (i = 0; i <= cap_last_cap(); i++) { if (set & (UINT64_C(1) << i)) { cap_value_t v; @@ -126,7 +126,7 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) { return -errno; } - for (i = 0; i < cap_last_cap(); i++) { + for (i = 0; i <= cap_last_cap(); i++) { if (set & (UINT64_C(1) << i)) { |