On Tue, 2025-03-04 at 19:17 +0800, Feng Yang wrote:
> From: Feng Yang <yangfeng@xxxxxxxxxx>
>
> Before:
> failed to restore CAP_SYS_ADMIN: -1, Unknown error -1
> ...
>
> After:
> failed to restore CAP_SYS_ADMIN: -1, Operation not permitted
> ...
>
> Signed-off-by: Feng Yang <yangfeng@xxxxxxxxxx>
> ---
I agree that this is a problem, however man page for capget/capset
functions says:
RETURN VALUE
On success, zero is returned. On error, -1 is returned, and errno is
set to indicate the error.
The calls fail with the error EINVAL, and set the version field of hdrp
to the kernel preferred value of _LINUX_CAPABILITY_VERSION_? when an
unsupported version value is specified. In this way, one can probe what
the current preferred capability revision is.
And cap_{enable,disable}_effective() a wrappers for capget/capset.
So, it looks like cap_{enable,disable}_effective need to be modified
to return either -EINVAL, or -errno, depending on the value returned
by capget/capset.
Could you please adjust that and send a v2?
[...]
