don't play with the capabilities when we are root

We don't want to drop the capabilities when we are root because that leads to some problems. For exemple, sudo lxc-start -n foo -o $(tty) fails with "permission denied". Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

don't play with the capabilities when we are root
7ee895e4 · Daniel Lezcano · Daniel Lezcano · b3ecde1e · 7ee895e4
Commit 7ee895e4 authored Oct 26, 2010 by Daniel Lezcano Committed by Daniel Lezcano Oct 26, 2010
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

caps.c src/lxc/caps.c +10 -0

No files found.
--- a/src/lxc/caps.c
+++ b/src/lxc/caps.c
@@ -54,6 +54,11 @@ int lxc_caps_down(void)
 	cap_t caps;
 	int ret;

+	/* when we are run as root, we don't want to play
+	 * with the capabilities */
+	if (!getuid())
+		return 0;
+
 	caps = cap_get_proc();
 	if (!caps) {
 		ERROR("failed to cap_get_proc: %m");
@@ -83,6 +88,11 @@ int lxc_caps_up(void)
 	cap_value_t cap;
 	int ret;

+	/* when we are run as root, we don't want to play
+	 * with the capabilities */
+	if (!getuid())
+		return 0;
+
 	caps = cap_get_proc();
 	if (!caps) {
 		ERROR("failed to cap_get_proc: %m");