From: Daniel Lezcano <daniel.lezcano@free.fr>
Date: Tue, 26 Oct 2010 15:42:37 +0000 (+0200)
Subject: don't play with the capabilities when we are root
X-Git-Tag: lxc-0.7.3~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7ee895e428cef6df576e4c9e6d10ac7d41b5a213;p=thirdparty%2Flxc.git

don't play with the capabilities when we are root

We don't want to drop the capabilities when we are root because that
leads to some problems. For exemple, sudo lxc-start -n foo -o $(tty) fails with
"permission denied".

Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
---

diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 58634bad0..46a2766c3 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -54,6 +54,11 @@ int lxc_caps_down(void)
 	cap_t caps;
 	int ret;
 
+	/* when we are run as root, we don't want to play
+	 * with the capabilities */
+	if (!getuid())
+		return 0;
+
 	caps = cap_get_proc();
 	if (!caps) {
 		ERROR("failed to cap_get_proc: %m");
@@ -83,6 +88,11 @@ int lxc_caps_up(void)
 	cap_value_t cap;
 	int ret;
 
+	/* when we are run as root, we don't want to play
+	 * with the capabilities */
+	if (!getuid())
+		return 0;
+
 	caps = cap_get_proc();
 	if (!caps) {
 		ERROR("failed to cap_get_proc: %m");