virtiofsd: Terminate capability list
capng_updatev is a varargs function that needs a -1 to terminate it,
but it was missing.
In practice what seems to have been happening is that it's added the
capabilities we asked for, then runs into junk on the stack, so if
we're unlucky it might be adding some more, but in reality it's
failing - but after adding the capabilities we asked for.
Fixes: a59feb483b
("virtiofsd: only retain file system capabilities")
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20200629115420.98443-2-dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
This commit is contained in:
parent
6651620b92
commit
b1288dfafb
@ -2598,7 +2598,9 @@ static void setup_capabilities(void)
|
|||||||
CAP_SETGID,
|
CAP_SETGID,
|
||||||
CAP_SETUID,
|
CAP_SETUID,
|
||||||
CAP_MKNOD,
|
CAP_MKNOD,
|
||||||
CAP_SETFCAP);
|
CAP_SETFCAP,
|
||||||
|
-1);
|
||||||
|
|
||||||
capng_apply(CAPNG_SELECT_BOTH);
|
capng_apply(CAPNG_SELECT_BOTH);
|
||||||
|
|
||||||
cap.saved = capng_save_state();
|
cap.saved = capng_save_state();
|
||||||
|
Loading…
Reference in New Issue
Block a user