conf: don't report success when idmaptools lack all privilege

Fixes: #3777 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: don't report success when idmaptools lack all privilege
c0f1dc95 · Christian Brauner · 24d1ef2b · c0f1dc95
Unverified Commit c0f1dc95 authored Apr 12, 2021 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

conf.c src/lxc/conf.c +3 -2

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2816,6 +2816,8 @@ static int idmaptool_on_path_and_privileged(const char *binary, cap_value_t cap)
 	    lxc_file_cap_is_set(path, CAP_SETGID, CAP_EFFECTIVE) &&
 	    lxc_file_cap_is_set(path, CAP_SETGID, CAP_PERMITTED))
 		return log_debug(1, "The binary \"%s\" has CAP_SETGID in its CAP_EFFECTIVE and CAP_PERMITTED sets", path);
+
+	return 0;
 #else
 	/*
 	 * If we cannot check for file capabilities we need to give the benefit
@@ -2823,9 +2825,8 @@ static int idmaptool_on_path_and_privileged(const char *binary, cap_value_t cap)
 	 * file capabilities are set.
 	 */
 	DEBUG("Cannot check for file capabilities as full capability support is missing. Manual intervention needed");
-#endif
-
 	return 1;
+#endif
 }

 static int lxc_map_ids_exec_wrapper(void *args)