ryantimwilson / rpms / systemd

Forked from rpms/systemd 2 months ago
Clone
Blob Blame History Raw
From 5c7d92d36bd1b608ccba0adc3fdc5446e6575623 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Tue, 27 Oct 2015 14:40:28 +0300
Subject: [PATCH] core: fix CapabilityBoundingSet merging

Fixes: #1221

Cherry-picked from: b9d345b
Resolves: #1409586
---
 src/core/load-fragment.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 4fecb83142..90d42b002f 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -1027,6 +1027,7 @@ int config_parse_bounding_set(const char *unit,
                               void *userdata) {
 
         uint64_t *capability_bounding_set_drop = data;
+        uint64_t capability_bounding_set;
         const char *word, *state;
         size_t l;
         bool invert = false;
@@ -1067,10 +1068,11 @@ int config_parse_bounding_set(const char *unit,
                 log_syntax(unit, LOG_ERR, filename, line, EINVAL,
                            "Trailing garbage, ignoring.");
 
-        if (invert)
-                *capability_bounding_set_drop |= sum;
+        capability_bounding_set = invert ? ~sum : sum;
+        if (*capability_bounding_set_drop)
+                *capability_bounding_set_drop = ~(~*capability_bounding_set_drop | capability_bounding_set);
         else
-                *capability_bounding_set_drop |= ~sum;
+                *capability_bounding_set_drop = ~capability_bounding_set;
 
         return 0;
 }