Also drop caps in unpriv containers

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Also drop caps in unpriv containers
97a8f74f · Stéphane Graber · 98b74549 · 97a8f74f
Commit 97a8f74f authored Dec 26, 2014 by Stéphane Graber
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 12 deletions

conf.c src/lxc/conf.c +10 -12

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4158,20 +4158,18 @@ int lxc_setup(struct lxc_handler *handler)
 		return -1;
 	}
-	if (lxc_list_empty(&lxc_conf->id_map)) {
+	if (!lxc_list_empty(&lxc_conf->keepcaps)) {
-		if (!lxc_list_empty(&lxc_conf->keepcaps)) {
+		if (!lxc_list_empty(&lxc_conf->caps)) {
-			if (!lxc_list_empty(&lxc_conf->caps)) {
+			ERROR("Simultaneously requested dropping and keeping caps");
-				ERROR("Simultaneously requested dropping and keeping caps");
-				return -1;
-			}
-			if (dropcaps_except(&lxc_conf->keepcaps)) {
-				ERROR("failed to keep requested caps");
-				return -1;
-			}
-		} else if (setup_caps(&lxc_conf->caps)) {
-			ERROR("failed to drop capabilities");
 			return -1;
 		}
+		if (dropcaps_except(&lxc_conf->keepcaps)) {
+			ERROR("failed to keep requested caps");
+			return -1;
+		}
+	} else if (setup_caps(&lxc_conf->caps)) {
+		ERROR("failed to drop capabilities");
+		return -1;
 	}
 	NOTICE("'%s' is setup.", name);