[Lxc-users] [PATCH 1/1] Fix lxc's handling of CAP_LAST_CAP (v2)
Serge Hallyn
serge.hallyn at canonical.com
Fri Jun 29 16:14:38 UTC 2012

CAP_LAST_CAP in linux/capability.h doesn't always match what the kernel
actually supports. If the kernel supports fewer capabilities, then a
cap_get_flag for an unsupported capability returns -EINVAL.

Recognize that, and don't fail when initializing capabilities when this
happens, rather accept that we've reached the last capability.

Changelog: remove unused lastcap variable (thanks stgraber)

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
src/lxc/caps.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/lxc/caps.c b/src/lxc/caps.c
index 10a0b4a..94c134d 100644
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -28,6 +28,7 @@
#include <limits.h>
#include <sys/prctl.h>
#include <sys/capability.h>
+#include <errno.h>
#include "log.h"
@@ -108,8 +109,13 @@ int lxc_caps_up(void)
ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag);
if (ret) {
- ERROR("failed to cap_get_flag: %m");
- goto out;
+ if (errno == EINVAL) {
+ INFO("Last supported cap was %d\n", cap-1);
+ break;
+ } else {
+ ERROR("failed to cap_get_flag: %m");
+ goto out;
+ }
}
ret = cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap, flag);
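Review bot: the new `if (errno == EINVAL)` branch treats every EINVAL from cap_get_flag as "past the last supported capability", but cap_get_flag also sets EINVAL for other bad arguments, so a real failure on the first iteration would be logged as "Last supported cap was -1" and the loop would exit as if it had succeeded. Consider taking the break only when cap > 0 (or after at least one capability was read successfully) and falling through to the ERROR path otherwise. Also note that ret is still non-zero at the `break`; the code after the loop is not visible in this hunk, so please confirm it reassigns ret before returning, or reset it to 0 here. Minor: the INFO format string ends in "\n" while the ERROR call next to it has none, so one of the two is inconsistent with how the log macros terminate lines.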
--
1.7.9.5