From: Robert Swiecki Date: Sun, 12 Feb 2017 15:54:39 +0000 (+0100) Subject: contain: capabilities X-Git-Tag: 1.3~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5b07ba1d320bb66ce7b39dcb239ab919464b3539;p=platform%2Fupstream%2Fnsjail.git contain: capabilities
---
diff --git a/contain.c b/contain.c
index 8b55aee..2d388ec 100644
--- a/contain.c
+++ b/contain.c
@@ -114,8 +114,8 @@ static bool containDropPrivs(struct nsjconf_t *nsjconf)
 * wait for the first one which returns EINVAL
 */
 if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, i, 0UL, 0UL, 0UL) == -1
- && errno == EINVAL) {
- break;
+ && errno != EINVAL) {
+ PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %lu)", i);
 }
 }
 #endif /* defined(PR_CAP_AMBIENT) */
@@ -125,8 +125,8 @@ static bool containDropPrivs(struct nsjconf_t *nsjconf)
 * Number of capabilities varies between kernels, so
 * wait for the first one which returns EINVAL
 */
- if (prctl(PR_CAPBSET_DROP, i, 0UL, 0UL, 0UL) == -1 && errno == EINVAL) {
- break;
+ if (prctl(PR_CAPBSET_DROP, i, 0UL, 0UL, 0UL) == -1 && errno != EINVAL) {
+ PLOG_W("prctl(PR_CAPBSET_DROP, %lu", i);
 }
 }
 if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) == -1) {
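Review bot: The retained comment `wait for the first one which returns EINVAL` no longer describes the loop, because with `break` removed an EINVAL result is skipped silently and iteration continues to a bound that lies outside this hunk; the same stale comment sits above the PR_CAPBSET_DROP loop in the second hunk. I would reword it in both places, e.g. `/* Number of capabilities varies between kernels: EINVAL (unknown capability) is skipped, any other errno is logged */`. Since prctl() also returns EINVAL for an option the running kernel does not recognise, a kernel without PR_CAP_AMBIENT would presumably leave every ambient capability unraised with no log line at all, which is worth a one-time debug message. The loop header and the rest of containDropPrivs are outside the hunk.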
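Review bot: A `prctl(PR_CAPBSET_DROP, ...)` failure with an errno other than EINVAL is only logged and the loop carries on, so containDropPrivs can apparently go on to report success while capabilities that were meant to be removed are still in the bounding set. In a privilege-drop path I would fail closed: `PLOG_W("prctl(PR_CAPBSET_DROP, %lu)", i); return false;`. The function is declared `static bool`, but how callers treat `false` is not visible here. The quoted line also restores the closing parenthesis missing from the format string `"prctl(PR_CAPBSET_DROP, %lu"`. The loop header and the remainder of the function are outside the hunk, so confirm that non-root invocations without the privilege to drop bounding capabilities are handled before making this a hard error.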