attach: improve error logging for drop_capabilities()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 454f39c8bdbc2fcd75ee2f18bbf4f232a174440c..fa040f7dc186af45ec06acbc1c1ffdae5eb350c4 100644 (file)
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -780,7 +780,7 @@ static int drop_capabilities(struct attach_context *ctx)
 
        ret = lxc_caps_last_cap(&last_cap);
        if (ret)
-               return ret;
+               return syserror_ret(ret, "%d - Failed to drop capabilities", ret);
 
        for (__u32 cap = 0; cap <= last_cap; cap++) {
                if (ctx->capability_mask & (1LL << cap))
@@ -788,7 +788,7 @@ static int drop_capabilities(struct attach_context *ctx)
 
                if (prctl(PR_CAPBSET_DROP, prctl_arg(cap), prctl_arg(0),
                          prctl_arg(0), prctl_arg(0)))
-                       return log_error_errno(-1, errno, "Failed to drop capability %d", cap);
+                       return syserror("Failed to drop capability %d", cap);
 
                TRACE("Dropped capability %d", cap);
        }

diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 2f34a9ca17bf5a4858d1f7d8680802fe8a54f9d1..5a7619300fb276ded94a49f4bdc8eb604bdb6031 100644 (file)
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -211,6 +211,11 @@ static int __caps_last_cap(__u32 *cap)
 {
        __do_close int fd = -EBADF;
 
+       if (!cap)
+               return ret_errno(EINVAL);
+
+       *cap = 0;
+
        /*
         * Try to get the maximum capability over the kernel interface
         * introduced in v3.2.
@@ -222,16 +227,16 @@ static int __caps_last_cap(__u32 *cap)
                     0);
        if (fd >= 0) {
                ssize_t ret;
-               unsigned res;
-               char buf[INTTYPE_TO_STRLEN(__u32)] = {0};
+               unsigned int res;
+               char buf[INTTYPE_TO_STRLEN(unsigned int)] = {0};
 
                ret = lxc_read_nointr(fd, buf, STRARRAYLEN(buf));
                if (ret <= 0)
-                       return ret_errno(EINVAL);
+                       return syserror_set(EINVAL, "Failed to read \"/proc/sys/kernel/cap_last_cap\"");
 
-               ret = lxc_safe_uint(buf, &res);
+               ret = lxc_safe_uint(lxc_trim_whitespace_in_place(buf), &res);
                if (ret < 0)
-                       return ret;
+                       return syserror("Failed to parse unsigned integer %s", buf);
 
                *cap = (__u32)res;
        } else {
@@ -244,7 +249,8 @@ static int __caps_last_cap(__u32 *cap)
                while (prctl(PR_CAPBSET_READ, prctl_arg(cur_cap)) >= 0)
                        cur_cap++;
 
-               *cap = cur_cap - 1;
+               if (cur_cap)
+                       *cap = cur_cap - 1;
        }
 
        return 0;
@@ -255,6 +261,9 @@ int lxc_caps_last_cap(__u32 *cap)
        static int ret = -1;
        static __u32 last_cap = 0;
 
+       if (!cap)
+               return ret_errno(EINVAL);
+
        if (ret < 0) {
                ret = __caps_last_cap(&last_cap);
                if (ret)