caps: more comments

Makefile

@@ -114,4 +114,5 @@ user.o: user.h common.h log.h subproc.h util.h
 util.o: util.h common.h log.h
 uts.o: uts.h common.h log.h
 cpu.o: cpu.h common.h log.h util.h
-config.o: common.h caps.h config.h log.h mount.h user.h util.h
+config.o: common.h caps.h config.h log.h mount.h user.h util.h config.pb.h
+config.pb.o: config.pb.h

caps.c

@@ -225,11 +225,11 @@ bool capsInitNs(struct nsjconf_t * nsjconf)
 		return false;
 	}
 
-	/* Let's start with the empty inheritable set to avoid any mistakes */
+	/* Let's start with an empty inheritable set to avoid any mistakes */
 	capsClearInheritable(cap_data);
 	/*
-	 * Remove all capabilities from the ambient set first. It works with newer kernel version only,
-	 * so don't fail if it fails
+	 * Remove all capabilities from the ambient set first. It works with newer kernel versions
+	 * only, so don't panic() if it fails
 	 */
 	if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0UL, 0UL, 0UL) == -1) {
 		PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL)");
@@ -258,7 +258,7 @@ bool capsInitNs(struct nsjconf_t * nsjconf)
 
 	/*
 	 * Make sure all other caps (those which were not explicitly requested) are removed from the
-	 * bounding set
+	 * bounding set. We need to have CAP_SETPCAP to do that now
 	 */
 	if (capsGetEffective(cap_data, CAP_SETPCAP) == true) {
 		dbgmsg[0] = '\0';

contain.h

@@ -26,7 +26,7 @@
 
 #include "common.h"
 
-bool containSetupFD(struct nsjconf_t * nsjconf, int fd_in, int fd_out, int fd_err);
+bool containSetupFD(struct nsjconf_t *nsjconf, int fd_in, int fd_out, int fd_err);
 bool containContain(struct nsjconf_t *nsjconf);
 
 #endif				/* NS_CONTAIN_H */