From 5812b45fb3a7188dee8361da5092f1d7b2b0f95f Mon Sep 17 00:00:00 2001
From: Mark Stapp <mjs@voltanet.io>
Date: Thu, 11 Jun 2020 15:30:36 -0400
Subject: [PATCH] lib: don't try to change/reset capabilities if process has
 none

A couple of daemons take/use no capabilities/privs; allow cleanup
of the privs/capabilities library module even if a daemon has no
caps.

Signed-off-by: Mark Stapp <mjs@voltanet.io>
---
 lib/privs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/privs.c b/lib/privs.c
index 09efedf684..eb0dbe0783 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -406,9 +406,11 @@ static void zprivs_caps_init(struct zebra_privs_t *zprivs)
 
 static void zprivs_caps_terminate(void)
 {
-	/* clear all capabilities */
+	/* Clear all capabilities, if we have any. */
 	if (zprivs_state.caps)
 		cap_clear(zprivs_state.caps);
+	else
+		return;
 
 	/* and boom, capabilities are gone forever */
 	if (cap_set_proc(zprivs_state.caps)) {
-- 
2.39.5