From 5b07ba1d320bb66ce7b39dcb239ab919464b3539 Mon Sep 17 00:00:00 2001
From: Robert Swiecki
Date: Sun, 12 Feb 2017 16:54:39 +0100
Subject: [PATCH] contain: capabilities
---
contain.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/contain.c b/contain.c
index 8b55aee..2d388ec 100644
--- a/contain.c
+++ b/contain.c
@@ -114,8 +114,8 @@ static bool containDropPrivs(struct nsjconf_t *nsjconf)
 * wait for the first one which returns EINVAL
 */
 if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, i, 0UL, 0UL, 0UL) == -1
- && errno == EINVAL) {
- break;
+ && errno != EINVAL) {
+ PLOG_W("prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, %lu)", i);
 }
 }
 #endif /* defined(PR_CAP_AMBIENT) */
@@ -125,8 +125,8 @@ static bool containDropPrivs(struct nsjconf_t *nsjconf)
 * Number of capabilities varies between kernels, so
 * wait for the first one which returns EINVAL
 */
- if (prctl(PR_CAPBSET_DROP, i, 0UL, 0UL, 0UL) == -1 && errno == EINVAL) {
- break;
+ if (prctl(PR_CAPBSET_DROP, i, 0UL, 0UL, 0UL) == -1 && errno != EINVAL) {
+ PLOG_W("prctl(PR_CAPBSET_DROP, %lu", i);
 }
 }
 if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) == -1) {
--
2.34.1
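Review bot: The comment kept as context in the first hunk (`* wait for the first one which returns EINVAL`, above the PR_CAP_AMBIENT_RAISE call) no longer describes the loop, because the new code never breaks on EINVAL; the identical comment in the second hunk (PR_CAPBSET_DROP loop) is stale in the same way. Both loops now run to whatever bound their loop headers set, which is outside the hunks, and EINVAL is silently skipped while other errors are logged. I would reword both comments to something like `* Number of capabilities varies between kernels, so EINVAL is` / `* expected and ignored; any other prctl() error is logged`. containDropPrivs starts and ends outside the hunk.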
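Review bot: In the second hunk a PR_CAPBSET_DROP failure other than EINVAL is only logged with PLOG_W and the loop carries on, so containDropPrivs can continue with that capability still in the bounding set. Since the function returns bool, failing closed looks like the safer default: `PLOG_W("prctl(PR_CAPBSET_DROP, %lu)", i); return false;` — assuming callers treat false as fatal, which is not visible here. The quoted message also restores the closing parenthesis that the new format string `"prctl(PR_CAPBSET_DROP, %lu"` is missing. `%lu` relies on i being unsigned long; its declaration and the loop header are outside the hunk.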