proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-08 15:04:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix lxc's handling of CAP_LAST_CAP

Browse Source 
CAP_LAST_CAP in linux/capability.h doesn't always match what the kernel
actually supports.  If the kernel supports fewer capabilities, then a
cap_get_flag for an unsupported capability returns -EINVAL.

Recognize that, and don't fail when initializing capabilities when this
happens, rather accept that we've reached the last capability.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This commit is contained in:
Serge Hallyn 2012-07-31 16:07:18 +02:00 committed by Daniel Lezcano
parent d80cfe7188
commit 2b657f10ca
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/lxc/caps.c
View File

@ -28,6 +28,7 @@
#include <limits.h> #include <limits.h>
#include <sys/prctl.h> #include <sys/prctl.h>
#include <sys/capability.h> #include <sys/capability.h>
#include <errno.h>
#include "log.h" #include "log.h"
@ -90,6 +91,7 @@ int lxc_caps_up(void)
cap_t caps; cap_t caps;
cap_value_t cap; cap_value_t cap;
int ret; int ret;
int lastcap = 0;
/* when we are run as root, we don't want to play /* when we are run as root, we don't want to play
* with the capabilities */ * with the capabilities */
@ -108,9 +110,15 @@ int lxc_caps_up(void)
ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag); ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag);
if (ret) { if (ret) {
if (errno == EINVAL) {
INFO("Last supported cap was %d\n", cap-1);
break;
} else {
ERROR("failed to cap_get_flag: %m"); ERROR("failed to cap_get_flag: %m");
goto out; goto out;
} }
}
lastcap = cap;
ret = cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap, flag); ret = cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap, flag);
if (ret) { if (ret) {