From fce70a877da27262b274e56e5b31fbd16753adff Mon Sep 17 00:00:00 2001
From: LiFeng
Date: Sat, 26 Jan 2019 02:22:48 -0500
Subject: [PATCH 056/138] [caps]: use _LINUX_CAPABILITY_VERSION_3 to set cap
Signed-off-by: LiFeng
---
 src/lxc/conf.c | 8 ++++----
 src/lxc/seccomp.c | 1 -
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 4800943..0c6aa28 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4322,13 +4322,13 @@ int lxc_drop_caps(struct lxc_conf *conf)
 memset(cap_data, 0, sizeof(struct __user_cap_data_struct) * 2);
 cap_header->pid = 0;
- cap_header->version = _LINUX_CAPABILITY_VERSION;
+ cap_header->version = _LINUX_CAPABILITY_VERSION_3;
 for (i = 0; i < numcaps; i++) {
 if (caplist[i]) {
- cap_data[CAP_TO_INDEX(i)].effective = cap_data[CAP_TO_INDEX(i)].effective | __DEF_CAP_TO_MASK(i);
- cap_data[CAP_TO_INDEX(i)].permitted = cap_data[CAP_TO_INDEX(i)].permitted | __DEF_CAP_TO_MASK(i);
- cap_data[CAP_TO_INDEX(i)].inheritable = cap_data[CAP_TO_INDEX(i)].inheritable | __DEF_CAP_TO_MASK(i);
+ cap_data[CAP_TO_INDEX(i)].effective = cap_data[CAP_TO_INDEX(i)].effective | (i > 31 ? __DEF_CAP_TO_MASK(i % 32) : __DEF_CAP_TO_MASK(i));
+ cap_data[CAP_TO_INDEX(i)].permitted = cap_data[CAP_TO_INDEX(i)].permitted | (i > 31 ? __DEF_CAP_TO_MASK(i % 32) : __DEF_CAP_TO_MASK(i));
+ cap_data[CAP_TO_INDEX(i)].inheritable = cap_data[CAP_TO_INDEX(i)].inheritable | (i > 31 ? __DEF_CAP_TO_MASK(i % 32) : __DEF_CAP_TO_MASK(i));
 }
 }
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 3218a60..4a5b3d0 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -706,7 +706,6 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
 goto bad;
 } else if (native_arch == lxc_seccomp_arch_mipsel64) {
 cur_rule_arch = lxc_seccomp_arch_all;
-;
 ctx.lxc_arch[0] = lxc_seccomp_arch_mipsel;
 ctx.contexts[0] = get_new_ctx(lxc_seccomp_arch_mipsel, default_policy_action, &ctx.architectures[0]);
--
1.8.3.1
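Review bot: The index `CAP_TO_INDEX(i)` in the three new mask lines of the conf.c hunk is bounded only by `numcaps`, while the `memset` above sizes `cap_data` at two `__user_cap_data_struct` entries, so a capability number of 64 or more would write past the array. Where `numcaps` comes from is outside this hunk, so either confirm it cannot exceed 64 or test `CAP_TO_INDEX(i) >= 2` before the writes and take the function's error path rather than silently skipping the capability. The ternary is also redundant, since `i % 32` equals `i` for `i <= 31`; `cap_data[CAP_TO_INDEX(i)].effective |= __DEF_CAP_TO_MASK(i % 32);` does the same thing, and likewise for `permitted` and `inheritable`. A one-line comment that the version 3 header carries each capability set as two 32-bit words would explain both the `* 2` and the `% 32`. lxc_drop_caps starts and ends outside the hunk, so the `capset` call and its return check are not visible here.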