capability: don't skip ambient caps setup if we actually have something to set

Follow-up for 7ea4392f1e444388caa706d6bd64fb7b30dc2903 Let's not hide errors needlessly aggressively. (cherry picked from commit c4b23712634d020184393ba83451bd200a1e785f)
author: Lennart Poettering <lennart@poettering.net> 2020-04-02 17:20:47 +0200
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2020-04-17 12:29:32 +0200
commit: da2125b6a23b238a989094c325cacd8ec45efa5d (patch)
tree: 4f0422c4969905e15add0432981dac8e3d1f5b2e
parent: e3b6d65c5386c6597ccc5a0a99decdc5e7b83077 (diff)
download: systemd-da2125b6a23b238a989094c325cacd8ec45efa5d.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c
index caffda62af..9dbebfa167 100644
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@@ -107,11 +107,13 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
         unsigned long i;
         int r;
 
+        /* Add the capabilities to the ambient set (an possibly also the inheritable set) */
+
         /* Check that we can use PR_CAP_AMBIENT or quit early. */
         if (!ambient_capabilities_supported())
-                return 0;
-
-        /* Add the capabilities to the ambient set. */
+                return (set & all_capabilities()) == 0 ?
+                        0 : -EOPNOTSUPP; /* if actually no ambient caps are to be set, be silent,
+                                          * otherwise fail recognizably */
 
         if (also_inherit) {
                 caps = cap_get_proc();
author	Lennart Poettering <lennart@poettering.net>	2020-04-02 17:20:47 +0200
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2020-04-17 12:29:32 +0200
commit	da2125b6a23b238a989094c325cacd8ec45efa5d (patch)
tree	4f0422c4969905e15add0432981dac8e3d1f5b2e
parent	e3b6d65c5386c6597ccc5a0a99decdc5e7b83077 (diff)
download	systemd-da2125b6a23b238a989094c325cacd8ec45efa5d.tar.gz