From f843534d18edda6c2a9c6df1c06423acecc6ca43 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Jul 2011 19:40:23 +0200
Subject: caps: handle kernels with additional caps properly

---
 rtkit-daemon.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/rtkit-daemon.c b/rtkit-daemon.c
index eca9ebb..f9d9811 100644
--- a/rtkit-daemon.c
+++ b/rtkit-daemon.c
@@ -1770,11 +1770,16 @@ static int drop_privileges(void) {
                         CAP_SYS_PTRACE            /* Needed so that we can read /proc/$$/exe. Linux is weird. */
                 };
 
-                cap_value_t c;
+                cap_value_t c, m;
                 cap_t caps;
 
+                m = CAP_LAST_CAP;
+                /* In case the number of caps in the kernel is increased, drop them too */
+                if (m < 63)
+                        m = 63;
+
                 /* Third, reduce bounding set */
-                for (c = 0; c <= CAP_LAST_CAP; c++) {
+                for (c = 0; c <= m; c++) {
                         unsigned u;
                         bool keep = false;
 
@@ -1785,7 +1790,7 @@ static int drop_privileges(void) {
                                 }
 
                         if (!keep)
-                                assert_se(prctl(PR_CAPBSET_DROP, c) == 0);
+                                assert_se(prctl(PR_CAPBSET_DROP, c) == 0 || errno == EINVAL);
                 }
 
                 /* Fourth, say that we want to keep caps */
-- 
cgit