system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-22 02:34:54 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

basic: Fix capability_ambient_set_apply for kernels < 4.3

Browse source 
https://github.com/systemd/systemd/pull/14133 made
capability_ambient_set_apply() acquire capabilities that were explicitly
asked for and drop all others. This change means the function is called
even with an empty capability set, opening up a code path for users
without ambient capabilities to call this function. This function will
error with EINVAL out on kernels < 4.3 because PR_CAP_AMBIENT is not
understood. This turns capability_ambient_set_apply() into a noop for
kernels < 4.3

Fixes https://github.com/systemd/systemd/issues/15225
This commit is contained in:
Kevin Kuehler 2020-03-27 15:57:02 -07:00 committed by Zbigniew Jędrzejewski-Szmek
parent 3e118d135b
commit 7ea4392f1e
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/basic/capability-util.c
View file

@ -107,6 +107,10 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
unsigned long i;
int r;
/* Check that we can use PR_CAP_AMBIENT or quit early. */
if (!ambient_capabilities_supported())
return 0;
/* Add the capabilities to the ambient set. */
if (also_inherit) {