[Lxc-users] [PATCH 1/1] Fix lxc's handling of CAP_LAST_CAP (v2)

Stéphane Graber stgraber at ubuntu.com
Fri Jun 29 16:16:32 UTC 2012


On 06/29/2012 12:14 PM, Serge Hallyn wrote:
> CAP_LAST_CAP in linux/capability.h doesn't always match what the kernel
> actually supports.  If the kernel supports fewer capabilities, then a
> cap_get_flag for an unsupported capability returns -EINVAL.
> 
> Recognize that, and don't fail when initializing capabilities when this
> happens, rather accept that we've reached the last capability.
> 
> Changelog: remove unused lastcap variable (thanks stgraber)
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> ---
>  src/lxc/caps.c |   10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/src/lxc/caps.c b/src/lxc/caps.c
> index 10a0b4a..94c134d 100644
> --- a/src/lxc/caps.c
> +++ b/src/lxc/caps.c
> @@ -28,6 +28,7 @@
>  #include <limits.h>
>  #include <sys/prctl.h>
>  #include <sys/capability.h>
> +#include <errno.h>
>  
>  #include "log.h"
>  
> @@ -108,8 +109,13 @@ int lxc_caps_up(void)
>  
>  		ret = cap_get_flag(caps, cap, CAP_PERMITTED, &flag);
>  		if (ret) {
> -			ERROR("failed to cap_get_flag: %m");
> -			goto out;
> +			if (errno == EINVAL) {
> +				INFO("Last supported cap was %d\n", cap-1);
> +				break;
> +			} else {
> +				ERROR("failed to cap_get_flag: %m");
> +				goto out;
> +			}
>  		}
>  
>  		ret = cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap, flag);
> 

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20120629/eda47bc3/attachment.pgp>


More information about the lxc-users mailing list