capability-util: Ignore unknown capabilities instead of aborting
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Wed, 14 May 2025 16:46:58 +0000 (18:46 +0200)
committerYu Watanabe <watanabe.yu+github@gmail.com>
Wed, 14 May 2025 18:33:32 +0000 (03:33 +0900)
capability_quintet_mangle() can be called with capability sets
containing unknown capabilities. Let's not crash when this is the
case but instead ignore the unknown capabilities.

Fixes d5e12dc75e0e356c62e514e9c347efb200fe60e0

src/basic/capability-util.c
test/units/TEST-13-NSPAWN.nspawn.sh

index 0aaf8c3807bd58577654e0a2ead9ff784f86ab00..2f0e0ccf92e6710f7552dd22b3289fdb6894fd8c 100644 (file)
@@ -396,8 +396,9 @@ bool capability_quintet_mangle(CapabilityQuintet *q) {
 
         combined = q->effective | q->bounding | q->inheritable | q->permitted | q->ambient;
 
-        BIT_FOREACH(i, combined) {
-                assert((unsigned) i <= cap_last_cap());
+        for (unsigned i = 0; i <= cap_last_cap(); i++) {
+                if (!BIT_SET(combined, i))
+                        continue;
 
                 if (prctl(PR_CAPBSET_READ, (unsigned long) i) > 0)
                         continue;
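Review bot: Bits of `combined` above `cap_last_cap()` are never visited by the new `for (unsigned i = 0; i <= cap_last_cap(); i++)` loop, so this loop can no longer flag them. Unless the part of capability_quintet_mangle() outside this hunk masks them, they stay set in the quintet the caller goes on to use. For a function whose job is to trim a requested capability set, "ignore" should be spelled out: either clear the unknown bits from all five sets, or document that they are left in place on purpose. A comment above the loop would do, for example `/* Bits above cap_last_cap() are unknown to the running kernel; they are skipped here, not dropped from q */`. A debug-level log line when such bits are present would also make an over-broad request visible in the journal. The function body begins and continues outside the hunk, so the handling after the loop could not be checked from here.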
index 22b1abd57ceeb499305c88843f22ca13162a4394..ffe5e8507dd6d049fc17eda5007dc1f13b1ad0b5 100755 (executable)
@@ -312,6 +312,7 @@ EOF
     # Assorted tests
     systemd-nspawn --directory="$root" --suppress-sync=yes bash -xec 'echo hello'
     systemd-nspawn --capability=help
+    systemd-nspawn --directory="$root" --capability=all bash -xec 'echo hello'
     systemd-nspawn --resolv-conf=help
     systemd-nspawn --timezone=help