conf: don't report success when idmaptools lack all privilege

author Christian Brauner <christian.brauner@ubuntu.com>

Mon, 12 Apr 2021 07:47:59 +0000 (09:47 +0200)

committer Christian Brauner <christian.brauner@ubuntu.com>

Mon, 12 Apr 2021 12:00:27 +0000 (14:00 +0200)
author Christian Brauner <christian.brauner@ubuntu.com>
Mon, 12 Apr 2021 07:47:59 +0000 (09:47 +0200)
committer Christian Brauner <christian.brauner@ubuntu.com>
Mon, 12 Apr 2021 12:00:27 +0000 (14:00 +0200)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c

index 37918dac783aba2a9a7be65a2fab42912680b0a5..6a0d54b8384870a5c820d9807d806b1db0d767d9 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2816,6 +2816,8 @@ static int idmaptool_on_path_and_privileged(const char *binary, cap_value_t cap)
             lxc_file_cap_is_set(path, CAP_SETGID, CAP_EFFECTIVE) &&
             lxc_file_cap_is_set(path, CAP_SETGID, CAP_PERMITTED))
                 return log_debug(1, "The binary \"%s\" has CAP_SETGID in its CAP_EFFECTIVE and CAP_PERMITTED sets", path);
+
+       return 0;
  #else
         /*
          * If we cannot check for file capabilities we need to give the benefit
@@ -2823,9 +2825,8 @@ static int idmaptool_on_path_and_privileged(const char *binary, cap_value_t cap)
          * file capabilities are set.
          */
         DEBUG("Cannot check for file capabilities as full capability support is missing. Manual intervention needed");
-#endif
-
         return 1;
+#endif
  }
  
  static int lxc_map_ids_exec_wrapper(void *args)
author	Christian Brauner <christian.brauner@ubuntu.com>
	Mon, 12 Apr 2021 07:47:59 +0000 (09:47 +0200)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Mon, 12 Apr 2021 12:00:27 +0000 (14:00 +0200)