From: Érico Rolim Date: Wed, 18 Nov 2020 14:35:26 +0000 (-0300) Subject: setpriv: allow using [-+]all for capabilities. X-Git-Tag: v2.36.2~43 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=8bf68f78d8a3c470e5a326989aa3e78385e1e79b;p=thirdparty%2Futil-linux.git setpriv: allow using [-+]all for capabilities. The initial change to lib/caputils that allowed this was commit 5d95818757941bc609e5aeec5e2218f7d35a6e19, which made it possible to trust the value returned by cap_last_cap(). The error message was also somewhat misleading, since cap_last_cap() being smaller than CAP_LAST_CAP happens when setpriv itself is built with kernel headers older than the currently running kernel, not due to libcap-ng. (cherry picked from commit 93de9f687d1640fff963f26b7db474eef3746532)
---
diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
index f8a03640be..4ac46db82b 100644
--- a/sys-utils/setpriv.c
+++ b/sys-utils/setpriv.c
@@ -532,12 +532,9 @@ static void do_caps(enum cap_type type, const char *caps)
 if (!strcmp(c + 1, "all")) {
 int i;
- /* It would be really bad if -all didn't drop all
- * caps. It's better to just fail. */
- if (cap_last_cap() > CAP_LAST_CAP)
- errx(SETPRIV_EXIT_PRIVERR,
- _("libcap-ng is too old for \"all\" caps"));
- for (i = 0; i <= CAP_LAST_CAP; i++)
+ /* We can trust the return value from cap_last_cap(),
+ * so use that directly. */
+ for (i = 0; i <= cap_last_cap(); i++)
 cap_update(action, type, i);
 } else {
 int cap = capng_name_to_capability(c + 1);
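Review bot: The `all` loop still discards the result of `cap_update(action, type, i)`, and with the `cap_last_cap() > CAP_LAST_CAP` guard removed that ignored result is the only place an incomplete `-all` could be noticed. If cap_update reports failure for an index that libcap-ng or the kernel rejects (its definition is outside this hunk, so this is inferred), `-all` would carry on and leave that capability in place without any diagnostic. Consider failing closed on the drop path, for example `if (cap_update(action, type, i) < 0 && action == CAPNG_DROP) errx(SETPRIV_EXIT_PRIVERR, _("cannot drop capability %d"), i);`. Reading `cap_last_cap()` once into a local before the loop would also make the bound explicit instead of re-evaluating it in the loop condition on every iteration. The body of do_caps starts and ends outside the hunk.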