From: "Richard W.M. Jones" <rjones(a)redhat.com>
Return an empty string (instead of an error) if no capabilities are
set on a file, and document that in the API.
(cherry picked from commit c663ab3bb9ab02fb3ca6209333c2d5402081c4de)
---
daemon/cap.c | 12 ++++++++++++
generator/actions.ml | 4 +++-
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/daemon/cap.c b/daemon/cap.c
index d1f0398..1d732c5 100644
--- a/daemon/cap.c
+++ b/daemon/cap.c
@@ -48,6 +48,18 @@ do_cap_get_file (const char *path)
CHROOT_OUT;
if (cap == NULL) {
+ /* The getcap utility (part of libcap) ignores ENODATA. It just
+ * means there is no capability attached to the file (RHBZ#989356).
+ */
+ if (errno == ENODATA) {
+ ret = strdup ("");
+ if (ret == NULL) {
+ reply_with_perror ("strdup");
+ return NULL;
+ }
+ return ret;
+ }
+
reply_with_perror ("%s", path);
return NULL;
}
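Review bot: The `errno == ENODATA` test runs after `CHROOT_OUT`, so it only sees the value left by the failing capability lookup if that macro preserves errno; neither the macro definition nor the lookup call is visible in this hunk. If that guarantee is not documented at the macro, I would save errno immediately after the call, before `CHROOT_OUT`, and test the saved copy, or at least extend the new comment with `/* errno is still the lookup's value: CHROOT_OUT must preserve it */`. Only ENODATA is mapped to the empty string, so every other failure still reaches `reply_with_perror ("%s", path)`, which keeps real errors distinct from "no capabilities" for callers that audit file capabilities. The body of do_cap_get_file starts and ends outside the hunk.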
diff --git a/generator/actions.ml b/generator/actions.ml
index 238553d..d30aec8 100644
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -10928,7 +10928,9 @@ attached to directory C<dir>." };
shortdesc = "get the Linux capabilities attached to a file";
longdesc = "\
This function returns the Linux capabilities attached to C<path>.
-The capabilities set is returned in text form (see L<cap_to_text(3)>)." };
+The capabilities set is returned in text form (see L<cap_to_text(3)>).
+
+If no capabilities are attached to a file, an empty string is returned." };
{ defaults with
name = "cap_set_file";
--
1.8.3.1