From d6018f88cb5a7bd89ad8b7811879512a6181d236 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 17 Apr 2017 23:23:26 +0200 Subject: [PATCH] caps: skip file capability checks on android Signed-off-by: Christian Brauner --- src/lxc/caps.c | 5 +++++ src/lxc/conf.c | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/lxc/caps.c b/src/lxc/caps.c index 705ac9446..2d6a3b82c 100644 --- a/src/lxc/caps.c +++ b/src/lxc/caps.c @@ -225,6 +225,10 @@ static bool lxc_cap_is_set(cap_t caps, cap_value_t cap, cap_flag_t flag) bool lxc_file_cap_is_set(const char *path, cap_value_t cap, cap_flag_t flag) { + /* Android's bionic currently seems to lack support for cap_get_file(). */ + #if IS_BIONIC + return true; + #else bool cap_is_set; cap_t caps; @@ -243,6 +247,7 @@ bool lxc_file_cap_is_set(const char *path, cap_value_t cap, cap_flag_t flag) cap_is_set = lxc_cap_is_set(caps, cap, flag); cap_free(caps); return cap_is_set; + #endif } bool lxc_proc_cap_is_set(cap_value_t cap, cap_flag_t flag) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 8cd517485..999f2ebe1 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -3353,7 +3353,7 @@ static int idmaptool_on_path_and_privileged(const char *binary, cap_value_t cap) goto cleanup; } - #if HAVE_LIBCAP + #if HAVE_LIBCAP && !IS_BIONIC /* Check if it has the CAP_SETUID capability. */ if ((cap & CAP_SETUID) && lxc_file_cap_is_set(path, CAP_SETUID, CAP_EFFECTIVE) && @@ -3373,6 +3373,10 @@ static int idmaptool_on_path_and_privileged(const char *binary, cap_value_t cap) fret = 1; goto cleanup; } + #else + DEBUG("Cannot check for file capabilites as full capability support is " + "missing. Manual intervention needed."); + fret = 1; #endif cleanup: -- 2.47.2