From: David Lamparter <equinox@opensourcerouting.org>
Date: Mon, 21 Aug 2017 18:17:53 +0000 (+0200)
Subject: lib: terminate capabilities only if initialized
X-Git-Tag: frr-4.0-dev~389^2
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=4093d47b9913113e1e30f8cce82bd8104a0efa8e;p=matthieu%2Ffrr.git

lib: terminate capabilities only if initialized

zprivs_caps_init() is called conditionally, apply the same condition on
terminate.

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
---

diff --git a/lib/privs.c b/lib/privs.c
index eda3fb02d4..cfe7d6d6f8 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -856,7 +856,9 @@ void zprivs_terminate(struct zebra_privs_t *zprivs)
 	}
 
 #ifdef HAVE_CAPABILITIES
-	zprivs_caps_terminate();
+	if (zprivs->user || zprivs->group || zprivs->cap_num_p
+	    || zprivs->cap_num_i)
+		zprivs_caps_terminate();
 #else  /* !HAVE_CAPABILITIES */
 	/* only change uid if we don't have the correct one */
 	if ((zprivs_state.zuid) && (zprivs_state.zsuid != zprivs_state.zuid)) {