mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 05:35:25 +00:00
virutil: Check retval of capng_apply()
Inside of virSetUIDGIDWithCaps() there's a naked call to
capng_apply(), i.e. without any retval check. This is potentially
dangerous as capng_apply() may fail. Do the check and report an
error.
This also fixes the build on bleeding edge distros - like Fedora
rawhide - where the function is declared with 'warn unused
result' [1].
1: a0743c335c
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
This commit is contained in:
parent
3222c9ca67
commit
c96b3f5b5d
@ -1200,8 +1200,12 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
|
||||
* do this if we failed to get the capability above, so ignore the
|
||||
* return value.
|
||||
*/
|
||||
if (!need_setpcap)
|
||||
capng_apply(CAPNG_SELECT_BOUNDS);
|
||||
if (!need_setpcap &&
|
||||
(capng_ret = capng_apply(CAPNG_SELECT_BOUNDS)) < 0) {
|
||||
virReportError(VIR_ERR_INTERNAL_ERROR,
|
||||
_("cannot apply process capabilities: %1$d"), capng_ret);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Drop the caps that allow setuid/gid (unless they were requested) */
|
||||
if (need_setgid)
|
||||
|
Loading…
Reference in New Issue
Block a user