nspawn: allow Capability=all in systemd.nspawn [EXEC] section
Just like --capability=all is allowed in the systemd-nspawn command line.
parent
dd08aa6488
commit
c152a2ba54
@ -189,7 +189,8 @@
|
||||
<filename>/etc/systemd/nspawn/</filename> and
|
||||
<filename>/run/system/nspawn/</filename> (see above). On the
|
||||
other hand, <varname>DropCapability=</varname> takes effect in
|
||||
all cases.</para></listitem>
|
||||
all cases. If the special value <literal>all</literal> is passed, all
|
||||
capabilities are retained (or dropped).</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
@ -275,6 +275,9 @@ int config_parse_capability(
|
||||
if (r == 0)
|
||||
break;
|
||||
|
||||
if (streq(word, "all"))
|
||||
u = (uint64_t) -1;
|
||||
else {
|
||||
r = capability_from_name(word);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse capability, ignoring: %s", word);
|
||||
@ -283,6 +286,7 @@ int config_parse_capability(
|
||||
|
||||
u |= UINT64_C(1) << r;
|
||||
}
|
||||
}
|
||||
|
||||
if (u == 0)
|
||||
return 0;
|
||||
|
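Review bot: The new `all` branch assigns `u = (uint64_t) -1;`, which sets every bit of the mask, including positions no capability name maps to, and nothing visible in these hunks bounds it to the capabilities the running kernel defines. I would write the value as `UINT64_MAX` and add a comment at the assignment such as `/* every bit set; presumably clamped to the kernel's last capability where the mask is applied — confirm */`. The man page text in this commit says `Capability=` is honoured only from the privileged settings directories, and that check is not part of these hunks. Since `all` now lets one word lift the whole capability restriction, it is worth confirming that the trusted-file gate covers this path as well. config_parse_capability starts and ends outside the hunks.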