lib: terminate capabilities only if initialized

zprivs_caps_init() is called conditionally, apply the same condition on
terminate.

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>

diff --git a/lib/privs.c b/lib/privs.c
index eda3fb02d4c0b72a7ea33b6504210107e256b9ea..cfe7d6d6f81bdf802191e2559f1438ab7c985e98 100644 (file)
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -856,7 +856,9 @@ void zprivs_terminate(struct zebra_privs_t *zprivs)
        }
 
 #ifdef HAVE_CAPABILITIES
-       zprivs_caps_terminate();
+       if (zprivs->user || zprivs->group || zprivs->cap_num_p
+           || zprivs->cap_num_i)
+               zprivs_caps_terminate();
 #else  /* !HAVE_CAPABILITIES */
        /* only change uid if we don't have the correct one */
        if ((zprivs_state.zuid) && (zprivs_state.zsuid != zprivs_state.zuid)) {