2025-09-23 13:54:45 +02:00
3 changed files with 3 additions and 22 deletions
--- a/3
+++ b/3
@ -41,9 +41,6 @@ Features:

 * add ConditionSecurity=tpm2

-* Remove any support for booting without /usr pre-mounted in the initrd entirely.
-  Update INITRD_INTERFACE.md accordingly.
-
 * pid1: Move to tracking of main pid/control pid of units per pidfd

 * pid1: support new clone3() fork-into-cgroup feature
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@ -107,18 +107,6 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
        unsigned long i;
        int r;

-        /* Remove capabilities requested in ambient set, but not in the bounding set */
-        for (i = 0; i <= cap_last_cap(); i++) {
-                if (set == 0)
-                        break;
-
-                if (FLAGS_SET(set, (UINT64_C(1) << i)) && prctl(PR_CAPBSET_READ, i) != 1) {
-                        log_debug("Ambient capability %s requested but missing from bounding set,"
-                                        " suppressing automatically.", capability_to_name(i));
-                        set &= ~(UINT64_C(1) << i);
-                }
-        }
-
        /* Add the capabilities to the ambient set (an possibly also the inheritable set) */

        /* Check that we can use PR_CAP_AMBIENT or quit early. */
--- a/src/basic/stat-util.c
+++ b/src/basic/stat-util.c
@ -94,10 +94,10 @@ bool null_or_empty(struct stat *st) {
        if (S_ISREG(st->st_mode) && st->st_size <= 0)
                return true;

-        /* We don't want to hardcode the major/minor of /dev/null, hence we do a simpler "is this a character
-         * device node?" check. */
+        /* We don't want to hardcode the major/minor of /dev/null,
+         * hence we do a simpler "is this a device node?" check. */

-        if (S_ISCHR(st->st_mode))
+        if (S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode))
                return true;

        return false;
@ -108,10 +108,6 @@ int null_or_empty_path(const char *fn) {

        assert(fn);

-        /* If we have the path, let's do an easy text comparison first. */
-        if (path_equal(fn, "/dev/null"))
-                return true;
-
        if (stat(fn, &st) < 0)
                return -errno;