
Removed cap_drop() error while running with non-root privileges

... ... @@ -226,6 +226,8 @@ enum state_enum {
};
typedef enum state_enum state_t;
#define CAP_PRESERVE_TRY (1<<16)
struct ctx {
#ifndef LIBCLSYNC
state_t state;
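Review bot: `CAP_PRESERVE_TRY` is added without a comment, and its `(1<<16)` form reads like a bit flag although the cap_drop hunks compare `ctx_p->flags[CAP_PRESERVE]` against it with `!=`, i.e. as a whole-value sentinel. A comment such as `/* flags[CAP_PRESERVE] default: try to drop capabilities, do not report a failure */` would make that explicit. Since main() now assigns it as the default, it is worth confirming that an explicit user setting of the option always replaces the value rather than being combined with it; the option parsing is not visible on this page. `struct ctx` continues past the end of the hunk.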
... ...
... ... @@ -2026,6 +2026,7 @@ int main(int argc, char *argv[]) {
ctx_p->retries = DEFAULT_RETRIES;
ctx_p->flags[VERBOSE] = DEFAULT_VERBOSE;
#ifdef CAPABILITIES_SUPPORT
ctx_p->flags[CAP_PRESERVE] = CAP_PRESERVE_TRY;
ctx_p->caps = DEFAULT_PRESERVE_CAPABILITIES;
ctx_p->synchandler_uid = getuid();
ctx_p->synchandler_gid = getgid();
... ...
... ... @@ -138,7 +138,8 @@ int cap_drop(ctx_t *ctx_p, __u32 caps) {
cap_hdr.version = _LINUX_CAPABILITY_VERSION;
if (capget(&cap_hdr, &cap_dat) < 0) {
error("Cannot get capabilites with capget()");
if (ctx_p->flags[CAP_PRESERVE] != CAP_PRESERVE_TRY)
error("Cannot get capabilites with capget()");
return errno;
}
debug(3, "old: cap.eff == 0x%04x; cap.prm == 0x%04x; cap.inh == 0x%04x.",
... ... @@ -164,7 +165,8 @@ int cap_drop(ctx_t *ctx_p, __u32 caps) {
cap_dat.effective, cap_dat.permitted, cap_dat.inheritable);
if (capset(&cap_hdr, &cap_dat) < 0) {
error("Cannot set capabilities with capset().");
if (ctx_p->flags[CAP_PRESERVE] != CAP_PRESERVE_TRY)
error("Cannot set capabilities with capset().");
return errno;
}
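Review bot: When `ctx_p->flags[CAP_PRESERVE]` equals `CAP_PRESERVE_TRY`, a failed `capset()` here (and a failed `capget()` in the earlier cap_drop hunk) now leaves no trace at any log level, so a run that kept capabilities it was meant to drop looks the same in the logs as one that dropped them. Rather than omitting the message, the try case could demote it, e.g. `else debug(1, "capset() failed (errno %d); capabilities were not dropped", errno);`, so the outcome stays auditable. Separately, `error()` runs before `return errno;` and may itself change errno if it performs I/O, so saving the value first (`int rc = errno;` then `return rc;`) would make the returned code reliable. The function still returns non-zero on these paths; whether callers treat that as fatal is outside the hunks, and cap_drop's body starts and ends outside both of them.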
... ...