virutil: Check retval of capng_apply()
authorMichal Privoznik <mprivozn@redhat.com>
Mon, 11 Sep 2023 08:34:43 +0000 (10:34 +0200)
committerMichal Privoznik <mprivozn@redhat.com>
Mon, 11 Sep 2023 10:34:11 +0000 (12:34 +0200)
Inside of virSetUIDGIDWithCaps() there's a naked call to
capng_apply(), i.e. without any retval check. This is potentially
dangerous as capng_apply() may fail. Do the check and report an
error.

This also fixes the build on bleeding edge distros - like Fedora
rawhide - where the function is declared with 'warn unused
result' [1].

1: https://github.com/stevegrubb/libcap-ng/commit/a0743c335c9a16a2fda9b25120a5523742119e47

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
src/util/virutil.c

index b5b65fb415fa8d9fa3896d64cb1fab9e7a719509..c90d0be836e8c56272b4b3d564d5554730157691 100644 (file)
@@ -1200,8 +1200,12 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
      * do this if we failed to get the capability above, so ignore the
      * return value.
      */
-    if (!need_setpcap)
-        capng_apply(CAPNG_SELECT_BOUNDS);
+    if (!need_setpcap &&
+        (capng_ret = capng_apply(CAPNG_SELECT_BOUNDS)) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("cannot apply process capabilities: %1$d"), capng_ret);
+        return -1;
+    }
 
     /* Drop the caps that allow setuid/gid (unless they were requested) */
     if (need_setgid)
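Review bot: The context comment directly above the new check still says the bounding-set apply cannot work "if we failed to get the capability above, so ignore the return value", yet the added `if` now turns that same failure into `return -1`. If the comment is accurate, callers that reach this point without the needed capability (presumably the unprivileged case handled earlier in virSetUIDGIDWithCaps(), whose body starts and ends outside this hunk) would now fail where they previously continued. Either rewrite the comment to say that a failed `capng_apply(CAPNG_SELECT_BOUNDS)` is treated as an error and why that is safe for every caller, or keep the best-effort behaviour explicit with `ignore_value(capng_apply(CAPNG_SELECT_BOUNDS));` or a `VIR_WARN` in place of the early return. Failing closed is the stricter choice for a privilege-dropping helper, but it should be a documented decision and not a side effect of satisfying the warn-unused-result declaration.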