Skip to content

Commit

Permalink
Merge pull request #2829 from brauner/2019-02-08/capabilities
Browse files Browse the repository at this point in the history 
caps: check uid and euid
  • Loading branch information
@stgraber
stgraber committed Feb 9, 2019
2 parents f57860a + df9bf8c commit 3e0aac1
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions src/lxc/caps.c
View file
Expand Up @@ -136,8 +136,7 @@ int lxc_ambient_caps_up(void)
int last_cap = CAP_LAST_CAP;
char *cap_names = NULL;

/* When we are root, we don't want to play with capabilities. */
if (!getuid())
if (!getuid() || geteuid())
return 0;

caps = cap_get_proc();
Expand Down Expand Up @@ -204,8 +203,7 @@ int lxc_ambient_caps_down(void)
cap_t caps;
cap_value_t cap;

/* When we are root, we don't want to play with capabilities. */
if (!getuid())
if (!getuid() || geteuid())
return 0;

ret = prctl(PR_CAP_AMBIENT, prctl_arg(PR_CAP_AMBIENT_CLEAR_ALL),
Expand Down

0 comments on commit 3e0aac1

Please sign in to comment.