ericonr
/
util-linux
mirror of https://github.com/ericonr/util-linux.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

setpriv: allow using [-+]all for capabilities. 

The initial change to lib/caputils that allowed this was commit
5d95818757, which made it possible to
trust the value returned by cap_last_cap().

The error message was also somewhat misleading, since cap_last_cap()
being smaller than CAP_LAST_CAP happens when setpriv itself is built
with kernel headers older than the currently running kernel, not due to
libcap-ng.
This commit is contained in:
Érico Rolim 2020-11-18 11:35:26 -03:00
parent 57b74b0dcb
commit 93de9f687d
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
sys-utils/setpriv.c
View File

@ -532,12 +532,9 @@ static void do_caps(enum cap_type type, const char *caps)
if (!strcmp(c + 1, "all")) {
int i;
/* It would be really bad if -all didn't drop all
* caps. It's better to just fail. */
if (cap_last_cap() > CAP_LAST_CAP)
errx(SETPRIV_EXIT_PRIVERR,
_("libcap-ng is too old for \"all\" caps"));
for (i = 0; i <= CAP_LAST_CAP; i++)
/* We can trust the return value from cap_last_cap(),
* so use that directly. */
for (i = 0; i <= cap_last_cap(); i++)
cap_update(action, type, i);
} else {
int cap = capng_name_to_capability(c + 1);