On 06/29/2012 12:14 PM, Serge Hallyn wrote:
> CAP_LAST_CAP in linux/capability.h doesn't always match what the kernel
> actually supports. If the kernel supports fewer capabilities, then a
> cap_get_flag for an unsupported capability returns -EINVAL.
>
> Recognize that, and don't fail when initializing capabilities when this
> happens, rather accept that we've reached the last capability.
>
> Changelog: remove unused lastcap variable (thanks stgraber)
>
> Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
> ---
> src/lxc/caps.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/src/lxc/caps.c b/src/lxc/caps.c
> index 10a0b4a..94c134d 100644
> --- a/src/lxc/caps.c
> +++ b/src/lxc/caps.c
> @@ -28,6 +28,7 @@
> #include <limits.h>
> #include <sys/prctl.h>
> #include <sys/capability.h>
> +#include <errno.h>
>
> #include "log.h"
>
> @@ -108,8 +109,13 @@ int lxc_caps_up(void)
>
> ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag);
> if (ret) {
> - ERROR("failed to cap_get_flag: %m");
> - goto out;
> + if (errno == EINVAL) {
> + INFO("Last supported cap was %d\n", cap-1);
> + break;
> + } else {
> + ERROR("failed to cap_get_flag: %m");
> + goto out;
> + }
> }
>
> ret = cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap, flag);
> Acked-by: Stéphane Graber <stgra...@ubuntu.com> -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
