On Tue, Jun 13, 2023 at 08:29:19AM +0900, Michael Paquier wrote:
> I am actually a bit confused with the return value of
> CreateRestrictedProcess() on failures in restricted_token.c. Wouldn't
> it be cleaner to return INVALID_HANDLE_VALUE rather than 0 in these
> cases?
My suspicion is that this was chosen to align with CreateProcess and to
allow things like
if (!CreateRestrictedProcess(...))
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com