virtiofsd: Check capability calls

author Dr. David Alan Gilbert <dgilbert@redhat.com>

Mon, 29 Jun 2020 11:54:19 +0000 (12:54 +0100)

committer Dr. David Alan Gilbert <dgilbert@redhat.com>

Fri, 3 Jul 2020 15:23:05 +0000 (16:23 +0100)
author Dr. David Alan Gilbert <dgilbert@redhat.com>
Mon, 29 Jun 2020 11:54:19 +0000 (12:54 +0100)
committer Dr. David Alan Gilbert <dgilbert@redhat.com>
Fri, 3 Jul 2020 15:23:05 +0000 (16:23 +0100)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c

index e373e3b36ec8ecf6c2a84907108739be67d7dcd4..99d562046abcdfff161244b75bb218e6067a3589 100644 (file)
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2589,7 +2589,7 @@ static void setup_capabilities(void)
       */
      capng_setpid(syscall(SYS_gettid));
      capng_clear(CAPNG_SELECT_BOTH);
-    capng_updatev(CAPNG_ADD, CAPNG_PERMITTED | CAPNG_EFFECTIVE,
+    if (capng_updatev(CAPNG_ADD, CAPNG_PERMITTED | CAPNG_EFFECTIVE,
              CAP_CHOWN,
              CAP_DAC_OVERRIDE,
              CAP_DAC_READ_SEARCH,
@@ -2599,11 +2599,21 @@ static void setup_capabilities(void)
              CAP_SETUID,
              CAP_MKNOD,
              CAP_SETFCAP,
-            -1);
+            -1)) {
+        fuse_log(FUSE_LOG_ERR, "%s: capng_updatev failed\n", __func__);
+        exit(1);
+    }
  
-    capng_apply(CAPNG_SELECT_BOTH);
+    if (capng_apply(CAPNG_SELECT_BOTH)) {
+        fuse_log(FUSE_LOG_ERR, "%s: capng_apply failed\n", __func__);
+        exit(1);
+    }
  
      cap.saved = capng_save_state();
+    if (!cap.saved) {
+        fuse_log(FUSE_LOG_ERR, "%s: capng_save_state failed\n", __func__);
+        exit(1);
+    }
      pthread_mutex_unlock(&cap.mutex);
  }
author	Dr. David Alan Gilbert <dgilbert@redhat.com>
	Mon, 29 Jun 2020 11:54:19 +0000 (12:54 +0100)
committer	Dr. David Alan Gilbert <dgilbert@redhat.com>
	Fri, 3 Jul 2020 15:23:05 +0000 (16:23 +0100)