On Tue, Jun 13, 2023 at 08:29:19AM +0900, Michael Paquier wrote: > I am actually a bit confused with the return value of > CreateRestrictedProcess() on failures in restricted_token.c. Wouldn't > it be cleaner to return INVALID_HANDLE_VALUE rather than 0 in these > cases?
My suspicion is that this was chosen to align with CreateProcess and to
allow things like
if (!CreateRestrictedProcess(...))
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
