diff options
| author | Alan Jenkins <alan.christopher.jenkins@gmail.com> | 2018-08-27 20:09:58 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-08-29 18:07:06 +0200 |
| commit | 8f8112f916c68746c436c3e4314b226fee820f1e (patch) | |
| tree | 9957c1b02b3be69de9b7cc409f35aa0b9270d1ae /src/resolve | |
| parent | fd-util: accept that kcmp might fail with EPERM/EACCES (diff) | |
| download | systemd-8f8112f916c68746c436c3e4314b226fee820f1e.tar.xz systemd-8f8112f916c68746c436c3e4314b226fee820f1e.zip | |
resolve: update comment, avoid alarming wrongness
`systemd-resolved.service` runs as `User=systemd-resolved`, and uses certain
Capabilit{y,ies} magic. By my understanding, this means it is started with a
number of "privileges". Indeed, `capabilities(7)` explains
> Linux divides the privileges traditionally
> associated with superuser into distinct units, known as capabilities,
> which can be independently enabled and disabled."
This situation appears to contradict our current code comment which said
> If we are not running as root we assume all privileges are already dropped.
This appears to be a confusion in the comment only. The rest of the code
tells a much clearer story. (Don't ask me if the story is correct.
`capabilities(7)` scares me). Let's tweak the comment to make it consistent
and avoid worrying readers about this.
Diffstat (limited to 'src/resolve')
| -rw-r--r-- | src/resolve/resolved.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/resolve/resolved.c b/src/resolve/resolved.c index d4d6cba201..fbae0b28be 100644 --- a/src/resolve/resolved.c +++ b/src/resolve/resolved.c @@ -50,7 +50,7 @@ int main(int argc, char *argv[]) { goto finish; } - /* Drop privileges, but only if we have been started as root. If we are not running as root we assume all + /* Drop privileges, but only if we have been started as root. If we are not running as root we assume most * privileges are already dropped. */ if (getuid() == 0) { |