virtiofsd: Check capability calls
Check the capability calls worked. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> Message-Id: <20200629115420.98443-3-dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
This commit is contained in:
parent
b1288dfafb
commit
55b22a60cc
@ -2589,7 +2589,7 @@ static void setup_capabilities(void)
|
||||
*/
|
||||
capng_setpid(syscall(SYS_gettid));
|
||||
capng_clear(CAPNG_SELECT_BOTH);
|
||||
capng_updatev(CAPNG_ADD, CAPNG_PERMITTED | CAPNG_EFFECTIVE,
|
||||
if (capng_updatev(CAPNG_ADD, CAPNG_PERMITTED | CAPNG_EFFECTIVE,
|
||||
CAP_CHOWN,
|
||||
CAP_DAC_OVERRIDE,
|
||||
CAP_DAC_READ_SEARCH,
|
||||
@ -2599,11 +2599,21 @@ static void setup_capabilities(void)
|
||||
CAP_SETUID,
|
||||
CAP_MKNOD,
|
||||
CAP_SETFCAP,
|
||||
-1);
|
||||
-1)) {
|
||||
fuse_log(FUSE_LOG_ERR, "%s: capng_updatev failed\n", __func__);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
capng_apply(CAPNG_SELECT_BOTH);
|
||||
if (capng_apply(CAPNG_SELECT_BOTH)) {
|
||||
fuse_log(FUSE_LOG_ERR, "%s: capng_apply failed\n", __func__);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
cap.saved = capng_save_state();
|
||||
if (!cap.saved) {
|
||||
fuse_log(FUSE_LOG_ERR, "%s: capng_save_state failed\n", __func__);
|
||||
exit(1);
|
||||
}
|
||||
pthread_mutex_unlock(&cap.mutex);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user