From: Michal Privoznik
To: libvir-list@redhat.com
Subject: [PATCH 2/2] virSetUIDGIDWithCaps: Assume PR_CAPBSET_DROP is always defined
Date: Fri, 25 Jun 2021 09:22:56 +0200

Bounding set capabilities were introduced in kernel commit of v2.6.25-rc1~912. I guess it is safe to assume that all Linux hosts we ran on have at least that version or newer.

Signed-off-by: Michal Privoznik
--- src/util/virutil.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/util/virutil.c b/src/util/virutil.c index 199d405286..ed3d57662b 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c 
@@ -1182,13 +1182,12 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *g= roups, int ngroups, need_setuid =3D true; capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETUI= D); } -# ifdef PR_CAPBSET_DROP - /* If newer kernel, we need also need setpcap to change the bounding s= et */ + + /* We need also need setpcap to change the bounding set */ if (!capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) { need_setpcap =3D true; capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETPC= AP); } -# endif =20 /* Tell system we want to keep caps across uid change */ if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) { --=20 2.31.1
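Review bot: The comment on the added line still reads "We need also need setpcap", carrying over the doubled "need" from the removed comment; since the line is being rewritten anyway, "We also need CAP_SETPCAP to change the bounding set" would read correctly and name the capability the way the code does. With the `# ifdef PR_CAPBSET_DROP` / `# endif` pair gone, `need_setpcap` is now set whenever CAP_SETPCAP is missing from the effective set, so any later code in virSetUIDGIDWithCaps() that consumes `need_setpcap` or drops bounding-set capabilities (not visible in this hunk) should be checked for a matching guard that needs removing too, so that adding CAP_SETPCAP temporarily and giving it up again stay under the same condition. The commit message identifies the kernel change only as v2.6.25-rc1~912; quoting the commit hash or subject would make the minimum-kernel assumption easier to verify.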