Merge pull request #11512 from FRRouting/mergify/bp/stable/8.1/pr-11488

lib: Allow downgrade of all caps when none are specified (backport #11488)

lib/privs.c

@@ -282,9 +282,6 @@ static void zprivs_caps_init(struct zebra_privs_t *zprivs)
 		}
 	}
 
-	if (!zprivs_state.syscaps_p)
-		return;
-
 	if (!(zprivs_state.caps = cap_init())) {
 		fprintf(stderr, "privs_init: failed to cap_init, %s\n",
 			safe_strerror(errno));
@@ -297,10 +294,12 @@ static void zprivs_caps_init(struct zebra_privs_t *zprivs)
 		exit(1);
 	}
 
-	/* set permitted caps */
-	cap_set_flag(zprivs_state.caps, CAP_PERMITTED,
-		     zprivs_state.syscaps_p->num, zprivs_state.syscaps_p->caps,
-		     CAP_SET);
+	/* set permitted caps, if any */
+	if (zprivs_state.syscaps_p && zprivs_state.syscaps_p->num) {
+		cap_set_flag(zprivs_state.caps, CAP_PERMITTED,
+			     zprivs_state.syscaps_p->num,
+			     zprivs_state.syscaps_p->caps, CAP_SET);
+	}
 
 	/* set inheritable caps, if any */
 	if (zprivs_state.syscaps_i && zprivs_state.syscaps_i->num) {
@@ -360,7 +359,7 @@ static void zprivs_caps_terminate(void)
 	}
 
 	/* free up private state */
-	if (zprivs_state.syscaps_p->num) {
+	if (zprivs_state.syscaps_p && zprivs_state.syscaps_p->num) {
 		XFREE(MTYPE_PRIVS, zprivs_state.syscaps_p->caps);
 		XFREE(MTYPE_PRIVS, zprivs_state.syscaps_p);
 	}