lxc/0056-caps-use-_LINUX_CAPABILITY_VERSION_3-to-set-cap.patch
LiFeng c1c967d9bc lxc: make lxc-libs package
Signed-off-by: LiFeng <lifeng68@huawei.com>
2020-02-14 06:13:22 -05:00


From a847fcefdce50fa6b6fe307ff4f80d9f7927eb35 Mon Sep 17 00:00:00 2001
From: LiFeng <lifeng68@huawei.com>
Date: Sat, 26 Jan 2019 02:22:48 -0500
Subject: [PATCH 056/139] [caps]: use _LINUX_CAPABILITY_VERSION_3 to set cap
Signed-off-by: LiFeng <lifeng68@huawei.com>
---
src/lxc/conf.c | 8 ++++----
src/lxc/seccomp.c | 1 -
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 4800943..0c6aa28 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4322,13 +4322,13 @@ int lxc_drop_caps(struct lxc_conf *conf)
memset(cap_data, 0, sizeof(struct __user_cap_data_struct) * 2);
cap_header->pid = 0;
- cap_header->version = _LINUX_CAPABILITY_VERSION;
+ cap_header->version = _LINUX_CAPABILITY_VERSION_3;
for (i = 0; i < numcaps; i++) {
if (caplist[i]) {
- cap_data[CAP_TO_INDEX(i)].effective = cap_data[CAP_TO_INDEX(i)].effective | __DEF_CAP_TO_MASK(i);
- cap_data[CAP_TO_INDEX(i)].permitted = cap_data[CAP_TO_INDEX(i)].permitted | __DEF_CAP_TO_MASK(i);
- cap_data[CAP_TO_INDEX(i)].inheritable = cap_data[CAP_TO_INDEX(i)].inheritable | __DEF_CAP_TO_MASK(i);
+ cap_data[CAP_TO_INDEX(i)].effective = cap_data[CAP_TO_INDEX(i)].effective | (i > 31 ? __DEF_CAP_TO_MASK(i % 32) : __DEF_CAP_TO_MASK(i));
+ cap_data[CAP_TO_INDEX(i)].permitted = cap_data[CAP_TO_INDEX(i)].permitted | (i > 31 ? __DEF_CAP_TO_MASK(i % 32) : __DEF_CAP_TO_MASK(i));
+ cap_data[CAP_TO_INDEX(i)].inheritable = cap_data[CAP_TO_INDEX(i)].inheritable | (i > 31 ? __DEF_CAP_TO_MASK(i % 32) : __DEF_CAP_TO_MASK(i));
}
}
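Review bot: The loop writes `cap_data[CAP_TO_INDEX(i)]` for every `i < numcaps`, but nothing visible in this hunk keeps that index inside the two elements the `memset` above clears. `numcaps` is computed outside the hunk, so it may already be bounded. If it is not, a guard such as `if (CAP_TO_INDEX(i) >= _LINUX_CAPABILITY_U32S_3) continue;` before the three assignments would stop a larger capability table from writing past the array, and the literal `2` in the `memset` could use the same constant. The ternary is also redundant, because `i % 32` equals `i` for 0–31, so each line can read `cap_data[CAP_TO_INDEX(i)].effective |= __DEF_CAP_TO_MASK(i % 32);`. `lxc_drop_caps` starts and ends outside this hunk, so the declaration of `cap_data` and the handling of the call that applies it cannot be checked from here.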
diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
index 3218a60..4a5b3d0 100644
--- a/src/lxc/seccomp.c
+++ b/src/lxc/seccomp.c
@@ -706,7 +706,6 @@ static int parse_config_v2(FILE *f, char *line, size_t *line_bufsz, struct lxc_c
goto bad;
} else if (native_arch == lxc_seccomp_arch_mipsel64) {
cur_rule_arch = lxc_seccomp_arch_all;
-;
ctx.lxc_arch[0] = lxc_seccomp_arch_mipsel;
ctx.contexts[0] = get_new_ctx(lxc_seccomp_arch_mipsel,
default_policy_action, &ctx.architectures[0]);
--
1.8.3.1