don't play with the capabilities when we are root

We don't want to drop the capabilities when we are root because that
leads to some problems. For exemple, sudo lxc-start -n foo -o $(tty) fails with
"permission denied".

Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 58634bad0ba27479f0f0b2746f459c8afaa2195e..46a2766c3c27290547ef9cc67060a10e2786ae80 100644 (file)
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -54,6 +54,11 @@ int lxc_caps_down(void)
        cap_t caps;
        int ret;
 
+       /* when we are run as root, we don't want to play
+        * with the capabilities */
+       if (!getuid())
+               return 0;
+
        caps = cap_get_proc();
        if (!caps) {
                ERROR("failed to cap_get_proc: %m");
@@ -83,6 +88,11 @@ int lxc_caps_up(void)
        cap_value_t cap;
        int ret;
 
+       /* when we are run as root, we don't want to play
+        * with the capabilities */
+       if (!getuid())
+               return 0;
+
        caps = cap_get_proc();
        if (!caps) {
                ERROR("failed to cap_get_proc: %m");