From 1fa861ecb9fa6327af7e8b6af213ead16fe76f47 Mon Sep 17 00:00:00 2001 From: Klaus Schmidinger Date: Mon, 18 Mar 2019 13:39:56 +0100 Subject: [PATCH] Fixed dropping capabilities in case cap_sys_time is not available --- HISTORY | 3 ++- vdr.c | 22 ++++++++++++++++++++-- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/HISTORY b/HISTORY index 584c5e2e..a89a8a5f 100644 --- a/HISTORY +++ b/HISTORY @@ -9348,7 +9348,7 @@ Video Disk Recorder Revision History Senzel). - Official release. -2019-03-17: Version 2.4.1 +2019-03-18: Version 2.4.1 - Fixed handling the tfRecording flag in the SVDRP commands MODT and UPDT (reported by Johann Friedrichs). @@ -9386,3 +9386,4 @@ Video Disk Recorder Revision History - Fixed processing SI::T2DeliverySystemDescriptor when typecasting it over an SI::ExtensionDescriptor (reported by Helmut Binder). - Fixed sorting recordings alphabetically. +- Fixed dropping capabilities in case cap_sys_time is not available. diff --git a/vdr.c b/vdr.c index 140f7501..0ffa1fca 100644 --- a/vdr.c +++ b/vdr.c @@ -22,7 +22,7 @@ * * The project's page is at http://www.tvdr.de * - * $Id: vdr.c 4.28 2019/03/12 10:01:16 kls Exp $ + * $Id: vdr.c 4.29 2019/03/18 11:17:07 kls Exp $ */ #include @@ -126,7 +126,25 @@ static bool SetUser(const char *User, bool UserDump) static bool DropCaps(void) { // drop all capabilities except selected ones - cap_t caps = cap_from_text("= cap_sys_nice,cap_sys_time,cap_net_raw=ep"); + cap_t caps_all = cap_get_proc(); + if (!caps_all) { + fprintf(stderr, "vdr: cap_get_proc failed: %s\n", strerror(errno)); + return false; + } + char *caps_text = cap_to_text(caps_all, NULL); + if (!caps_text) { + fprintf(stderr, "vdr: cap_to_text failed: %s\n", strerror(errno)); + return false; + } + if (cap_free(caps_all)) { + fprintf(stderr, "vdr: cap_free failed: %s\n", strerror(errno)); + return false; + } + cap_t caps; + if (strstr(caps_text,"cap_sys_time")) + caps = cap_from_text("= cap_sys_nice,cap_sys_time,cap_net_raw=ep"); + else + caps = cap_from_text("= cap_sys_nice,cap_net_raw=ep"); if (!caps) { fprintf(stderr, "vdr: cap_from_text failed: %s\n", strerror(errno)); return false;