diff options
| author | Lennart Poettering <lennart@poettering.net> | 2011-07-14 19:40:23 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2011-07-14 19:40:23 +0200 |
| commit | f843534d18edda6c2a9c6df1c06423acecc6ca43 (patch) | |
| tree | ddfcf49b18bae634a99220cbc537acfb97bff0e0 | |
| parent | f9512c9c7d41db358f71aa9ed2911831d046b3d3 (diff) | |
caps: handle kernels with additional caps properly
| -rw-r--r-- | rtkit-daemon.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/rtkit-daemon.c b/rtkit-daemon.c index eca9ebb..f9d9811 100644 --- a/rtkit-daemon.c +++ b/rtkit-daemon.c @@ -1770,11 +1770,16 @@ static int drop_privileges(void) { CAP_SYS_PTRACE /* Needed so that we can read /proc/$$/exe. Linux is weird. */ }; - cap_value_t c; + cap_value_t c, m; cap_t caps; + m = CAP_LAST_CAP; + /* In case the number of caps in the kernel is increased, drop them too */ + if (m < 63) + m = 63; + /* Third, reduce bounding set */ - for (c = 0; c <= CAP_LAST_CAP; c++) { + for (c = 0; c <= m; c++) { unsigned u; bool keep = false; @@ -1785,7 +1790,7 @@ static int drop_privileges(void) { } if (!keep) - assert_se(prctl(PR_CAPBSET_DROP, c) == 0); + assert_se(prctl(PR_CAPBSET_DROP, c) == 0 || errno == EINVAL); } /* Fourth, say that we want to keep caps */ |