From: Mark Stapp <mjs@voltanet.io>
Date: Thu, 11 Jun 2020 19:30:36 +0000 (-0400)
Subject: lib: don't try to change/reset capabilities if process has none
X-Git-Tag: frr-7.4~2^2~1
X-Git-Url: https://git.puffer.fish/?a=commitdiff_plain;h=5812b45fb3a7188dee8361da5092f1d7b2b0f95f;p=matthieu%2Ffrr.git

lib: don't try to change/reset capabilities if process has none

A couple of daemons take/use no capabilities/privs; allow cleanup
of the privs/capabilities library module even if a daemon has no
caps.

Signed-off-by: Mark Stapp <mjs@voltanet.io>
---

diff --git a/lib/privs.c b/lib/privs.c
index 09efedf684..eb0dbe0783 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -406,9 +406,11 @@ static void zprivs_caps_init(struct zebra_privs_t *zprivs)
 
 static void zprivs_caps_terminate(void)
 {
-	/* clear all capabilities */
+	/* Clear all capabilities, if we have any. */
 	if (zprivs_state.caps)
 		cap_clear(zprivs_state.caps);
+	else
+		return;
 
 	/* and boom, capabilities are gone forever */
 	if (cap_set_proc(zprivs_state.caps)) {