From e13a4485bf9d3e1383dc88c32fbb48f6abe1df63 Mon Sep 17 00:00:00 2001
From: Mark Stapp <mjs@cisco.com>
Date: Fri, 31 Jan 2025 13:13:48 -0500
Subject: [PATCH] libs: return from change_caps if no caps

When called without caps/privs, just return from "change_caps"
instead of exiting - it's possible that a process may not need
privs, but a lib (for example) may use the api.

Signed-off-by: Mark Stapp <mjs@cisco.com>
---
 lib/privs.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/privs.c b/lib/privs.c
index b0809bf690..e7df383e5d 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -210,10 +210,11 @@ int zprivs_change_caps(zebra_privs_ops_t op)
 {
 	cap_flag_value_t cflag;
 
-	/* should be no possibility of being called without valid caps */
-	assert(zprivs_state.syscaps_p && zprivs_state.caps);
-	if (!(zprivs_state.syscaps_p && zprivs_state.caps))
-		exit(1);
+	/* Called without valid caps - just return. Not every daemon needs
+	 * privs.
+	 */
+	if (zprivs_state.syscaps_p == NULL || zprivs_state.caps == NULL)
+		return 0;
 
 	if (op == ZPRIVS_RAISE)
 		cflag = CAP_SET;