From 8bf68f78d8a3c470e5a326989aa3e78385e1e79b Mon Sep 17 00:00:00 2001
From: =?utf8?q?=C3=89rico=20Rolim?=
Date: Wed, 18 Nov 2020 11:35:26 -0300
Subject: [PATCH] setpriv: allow using [-+]all for capabilities.

The initial change to lib/caputils that allowed this was commit 5d95818757941bc609e5aeec5e2218f7d35a6e19, which made it possible to trust the value returned by cap_last_cap(). The error message was also somewhat misleading, since cap_last_cap() being smaller than CAP_LAST_CAP happens when setpriv itself is built with kernel headers older than the currently running kernel, not due to libcap-ng.
(cherry picked from commit 93de9f687d1640fff963f26b7db474eef3746532)
---
 sys-utils/setpriv.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c
index f8a03640be..4ac46db82b 100644
--- a/sys-utils/setpriv.c
+++ b/sys-utils/setpriv.c
@@ -532,12 +532,9 @@ static void do_caps(enum cap_type type, const char *caps)
 if (!strcmp(c + 1, "all")) {
 int i;
- /* It would be really bad if -all didn't drop all
- * caps. It's better to just fail. */
- if (cap_last_cap() > CAP_LAST_CAP)
- errx(SETPRIV_EXIT_PRIVERR,
- _("libcap-ng is too old for \"all\" caps"));
- for (i = 0; i <= CAP_LAST_CAP; i++)
+ /* We can trust the return value from cap_last_cap(),
+ * so use that directly. */
+ for (i = 0; i <= cap_last_cap(); i++)
 cap_update(action, type, i);
 } else {
 int cap = capng_name_to_capability(c + 1);
-- 
2.47.2
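Review bot: The result of `cap_update(action, type, i)` is discarded inside the `all` loop, so with the old fail-closed guard removed, `-all` now depends on every per-capability update succeeding silently, including indices above the compile-time `CAP_LAST_CAP` that the loop can now reach. If `cap_update` reports failure (its definition is outside this hunk, so this is an assumption), the loop should stop with an error instead of continuing, e.g. `if (cap_update(action, type, i) < 0) errx(SETPRIV_EXIT_PRIVERR, _("cannot update capability %d"), i);`. It would also read better to take the bound once before the loop, `const int last = cap_last_cap();`, and to have the new comment say why the value can be trusted (the lib/caputils change named in the commit message), not only that it can. The body of do_caps starts and ends outside the hunk.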