daemon: cap-get-file: Return empty string if no capability on file (RHBZ#989356).

Return an empty string (instead of an error) if no capabilities are set on a file, and document that in the API.
2026-03-22 07:03:38 +00:00 · 2013-07-29 14:37:50 +01:00
parent fb282e677c
commit c663ab3bb9
2 changed files with 15 additions and 1 deletions
--- a/daemon/cap.c
+++ b/daemon/cap.c
@@ -48,6 +48,18 @@ do_cap_get_file (const char *path)
  CHROOT_OUT;

  if (cap == NULL) {
+    /* The getcap utility (part of libcap) ignores ENODATA.  It just
+     * means there is no capability attached to the file (RHBZ#989356).
+     */
+    if (errno == ENODATA) {
+      ret = strdup ("");
+      if (ret == NULL) {
+        reply_with_perror ("strdup");
+        return NULL;
+      }
+      return ret;
+    }
+
    reply_with_perror ("%s", path);
    return NULL;
  }
--- a/generator/actions.ml
+++ b/generator/actions.ml
@@ -10985,7 +10985,9 @@ attached to directory C<dir>." };
    shortdesc = "get the Linux capabilities attached to a file";
    longdesc = "\
 This function returns the Linux capabilities attached to C<path>.
-The capabilities set is returned in text form (see L<cap_to_text(3)>)." };
+The capabilities set is returned in text form (see L<cap_to_text(3)>).
+
+If no capabilities are attached to a file, an empty string is returned." };

  { defaults with
    name = "cap_set_file";