diff options
| author | afg <afg984@gmail.com> | 2019-11-29 17:08:05 +0800 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2019-11-29 14:42:27 +0100 |
| commit | c152a2ba54dc77322997e8f5e302518fe4b07e57 (patch) | |
| tree | 7013dd759d4abc84b24742b3f0dfad064b193506 /src/nspawn | |
| parent | dd08aa6488543727375d7377505a5333bb9e6047 (diff) | |
| download | systemd-c152a2ba54dc77322997e8f5e302518fe4b07e57.tar.gz systemd-c152a2ba54dc77322997e8f5e302518fe4b07e57.tar.bz2 systemd-c152a2ba54dc77322997e8f5e302518fe4b07e57.zip | |
nspawn: allow Capability=all in systemd.nspawn [EXEC] section
Just like --capability=all is allowed in the systemd-nspawn
command line.
Diffstat (limited to 'src/nspawn')
| -rw-r--r-- | src/nspawn/nspawn-settings.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/src/nspawn/nspawn-settings.c b/src/nspawn/nspawn-settings.c index 3a99736813..5fb5b49bbc 100644 --- a/src/nspawn/nspawn-settings.c +++ b/src/nspawn/nspawn-settings.c @@ -275,13 +275,17 @@ int config_parse_capability( if (r == 0) break; - r = capability_from_name(word); - if (r < 0) { - log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse capability, ignoring: %s", word); - continue; - } + if (streq(word, "all")) + u = (uint64_t) -1; + else { + r = capability_from_name(word); + if (r < 0) { + log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse capability, ignoring: %s", word); + continue; + } - u |= UINT64_C(1) << r; + u |= UINT64_C(1) << r; + } } if (u == 0) |