diff options
| author | Alexander Koch <mail@alexanderkoch.net> | 2020-12-16 22:44:56 +0100 |
|---|---|---|
| committer | Pavel Shilovsky <pshilov@microsoft.com> | 2020-12-16 15:51:27 -0800 |
| commit | 207f19285e8388ea1933414941dbb05c99b57f76 (patch) | |
| tree | 64abff9ff8b4a2404328787a19c4961c08d575c7 /idmap_plugin.h | |
| parent | 1a1507654c5f4367c27a11dfdbcfea42110c670c (diff) | |
| download | cifs-utils-207f19285e8388ea1933414941dbb05c99b57f76.tar.gz cifs-utils-207f19285e8388ea1933414941dbb05c99b57f76.tar.bz2 cifs-utils-207f19285e8388ea1933414941dbb05c99b57f76.zip | |
cifs.upcall: drop bounding capabilities only if CAP_SETPCAP is given
Make drop_call_capabilities() in cifs.upcall update the bounding capabilities
only if CAP_SETCAP is present.
This is an addendum to the patch recently provided in [1]. Without this
additional change, cifs.upcall can still fail while trying to mount a CIFS
network share with krb5:
kernel: CIFS: Attempting to mount //server.domain.lan/myshare
cifs.upcall[39484]: key description: cifs.spnego;0;0;39010000;ver=0x2;host=server.domain.lan>
cifs.upcall[39484]: ver=2
cifs.upcall[39484]: host=server.domain.lan
cifs.upcall[39484]: ip=172.22.3.14
cifs.upcall[39484]: sec=1
cifs.upcall[39484]: uid=1000
cifs.upcall[39484]: creduid=1000
cifs.upcall[39484]: user=username
cifs.upcall[39484]: pid=39481
cifs.upcall[39484]: get_cachename_from_process_env: pathname=/proc/39481/environ
cifs.upcall[39484]: get_cachename_from_process_env: cachename = FILE:/tmp/.krb5cc_1000
cifs.upcall[39484]: drop_all_capabilities: Unable to apply capability set: Success
cifs.upcall[39484]: Exit status 1
[1] https://marc.info/?l=linux-cifs&m=160595758021261
Signed-off-by: Alexander Koch <mail@alexanderkoch.net>
Signed-off-by: Jonas Witschel <diabonas@archlinux.org>
Diffstat (limited to 'idmap_plugin.h')
0 files changed, 0 insertions, 0 deletions