From 4093d47b9913113e1e30f8cce82bd8104a0efa8e Mon Sep 17 00:00:00 2001
From: David Lamparter
Date: Mon, 21 Aug 2017 20:17:53 +0200
Subject: [PATCH] lib: terminate capabilities only if initialized
zprivs_caps_init() is called conditionally, apply the same condition on terminate.
Signed-off-by: David Lamparter
---
 lib/privs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/privs.c b/lib/privs.c
index eda3fb02d4..cfe7d6d6f8 100644
--- a/lib/privs.c
+++ b/lib/privs.c
@@ -856,7 +856,9 @@ void zprivs_terminate(struct zebra_privs_t *zprivs)
 }
 #ifdef HAVE_CAPABILITIES
- zprivs_caps_terminate();
+ if (zprivs->user || zprivs->group || zprivs->cap_num_p
+ || zprivs->cap_num_i)
+ zprivs_caps_terminate();
 #else /* !HAVE_CAPABILITIES */
 /* only change uid if we don't have the correct one */
 if ((zprivs_state.zuid) && (zprivs_state.zsuid != zprivs_state.zuid)) {
-- 
2.39.5
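Review bot: The new guard in zprivs_terminate() re-derives "capabilities were initialized" from the caller's `zprivs->user`, `zprivs->group`, `zprivs->cap_num_p` and `zprivs->cap_num_i` fields at terminate time rather than from recorded state, so it is correct only while it matches the condition at the zprivs_caps_init() call site, which is not in this hunk. If the two drift, or the struct is modified between init and terminate, the process either skips zprivs_caps_terminate() and presumably exits the privilege module with its capability state untouched, or calls it on state that was never set up. Recording the fact at init time (for example a flag in `zprivs_state` that terminate tests) would remove the duplication; failing that, add a comment above the `if` such as `/* keep in sync with the condition guarding zprivs_caps_init() */`. The body under the two-line condition is also unbraced, which is easy to misread when the block is next edited. zprivs_terminate() starts and ends outside the hunk.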