From: Lennart Poettering
Date: Fri, 8 Mar 2019 12:27:01 +0000 (+0100)
Subject: capability: deal with libcap being older than kernel
X-Git-Tag: v242-rc1~99^2~7
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=248dd9417161e4a468cc6f21ad8d410a674f73fa;p=thirdparty%2Fsystemd.git
capability: deal with libcap being older than kernel
---
diff --git a/src/basic/capability-util.c b/src/basic/capability-util.c
index b351f23618d..e700edf2608 100644
--- a/src/basic/capability-util.c
+++ b/src/basic/capability-util.c
@@ -426,8 +426,15 @@ int capability_quintet_enforce(const CapabilityQuintet *q) {
 if (q->inheritable != (uint64_t) -1) {
 cap_flag_value_t old_value, new_value;
- if (cap_get_flag(c, cv, CAP_INHERITABLE, &old_value) < 0)
+ if (cap_get_flag(c, cv, CAP_INHERITABLE, &old_value) < 0) {
+ if (errno == EINVAL) /* If the kernel knows more caps than this
+ * version of libcap, then this will return
+ * EINVAL. In that case, simply ignore it,
+ * pretend it doesn't exist. */
+ continue;
+
 return -errno;
+ }
 new_value = (q->inheritable & m) ? CAP_SET : CAP_CLEAR;
@@ -442,8 +449,12 @@ int capability_quintet_enforce(const CapabilityQuintet *q) {
 if (q->permitted != (uint64_t) -1) {
 cap_flag_value_t old_value, new_value;
- if (cap_get_flag(c, cv, CAP_PERMITTED, &old_value) < 0)
+ if (cap_get_flag(c, cv, CAP_PERMITTED, &old_value) < 0) {
+ if (errno == EINVAL)
+ continue;
+
 return -errno;
+ }
 new_value = (q->permitted & m) ? CAP_SET : CAP_CLEAR;
@@ -458,8 +469,12 @@ int capability_quintet_enforce(const CapabilityQuintet *q) {
 if (q->effective != (uint64_t) -1) {
 cap_flag_value_t old_value, new_value;
- if (cap_get_flag(c, cv, CAP_EFFECTIVE, &old_value) < 0)
+ if (cap_get_flag(c, cv, CAP_EFFECTIVE, &old_value) < 0) {
+ if (errno == EINVAL)
+ continue;
+
 return -errno;
+ }
 new_value = (q->effective & m) ? CAP_SET : CAP_CLEAR;
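Review bot: The `continue` added under `errno == EINVAL` in the `CAP_INHERITABLE` branch (and repeated for `CAP_PERMITTED` and `CAP_EFFECTIVE` in the two later hunks) makes enforcement fail open for any capability the kernel has and this libcap does not: the `CAP_SET`/`CAP_CLEAR` value derived from `q->inheritable & m` is never applied, so a bit the caller wanted cleared keeps whatever state the process already had, and nothing records that. I would at least log the skip, e.g. `log_debug("libcap does not know capability %i, leaving it untouched.", (int) cv);` before `continue;` (assuming the logging macros are in scope in this file), and consider returning an error when the mask asks for a state that cannot be verified. The loop header and the step that finally applies `c` are outside the hunk, so whether unknown bits survive into the applied state needs confirming there. The explanatory comment exists only in the first hunk; a short `/* libcap older than kernel, see above */` on the other two `continue`s would keep them readable on their own.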