Revert "Ignore unknown capabilities when dropping them"

This reverts commit 05039b037a79771aca728eed8d88e3171d12ad05.

We will use the upstream fix for that.

diff --git a/debian/changelog b/debian/changelog
index e3fdac6897d7f0465c6ddb418194cb55f59bc5bb..18856c79f3f7832b422c0826289626cd114f4137 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,7 +4,6 @@ systemd (29-1) UNRELEASED; urgency=low
     - Includes typo fixes in documentation.  Closes: #623520
   * Fall back to the init script reload function if a native .service file
     doesn't know how to reload.  Closes: #628186
-  * Ignore unknown capabilities when dropping them.  Closes: #628081
   * Add hard dependency on udev.  Closes: #627921
 
   [ Michael Biebl ]

diff --git a/src/execute.c b/src/execute.c
index 7d89096a4c2f84e6187c8af05a923587ee348696..a62f9dbbc64fb149e3c8cffef3cec7968216089f 100644 (file)
--- a/src/execute.c
+++ b/src/execute.c
@@ -960,13 +960,6 @@ static int do_capability_bounding_set_drop(uint64_t drop) {
         for (i = 0; i <= CAP_LAST_CAP; i++)
                 if (drop & ((uint64_t) 1ULL << (uint64_t) i)) {
                         if (prctl(PR_CAPBSET_DROP, i) < 0) {
-
-                                /* If this capability is not known,
-                                 * EINVAL will be returned, let's
-                                 * ignore this. */
-                                if (errno == EINVAL)
-                                        continue;
-
                                 r = -errno;
                                 goto finish;
                         }