[PATCH 0/2] Check for capng_*() retvals

There's a commit inside of (yet-unreleased) libcap-ng which marks some functions as 'warned unused result'. Fedora rawhide already picked up the commit, but since we are not checking for all retvals we got a build failure on rawhide.

https://src.fedoraproject.org/rpms/libcap-ng/c/fed9b23c8d0020e07c937a3ac0d6d...

Green pipeline:

https://gitlab.com/MichalPrivoznik/libvirt/-/pipelines/999435445

Michal Prívozník (2):
  lxc_container: Check retval of capng_get_caps_process()
  virutil: Check retval of capng_apply()

 src/lxc/lxc_container.c | 8 +++++++-
 src/util/virutil.c      | 8 ++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

-- 
2.41.0

Added in v0.6.5~14 the call to capng_get_caps_process() inside of lxcContainerDropCapabilities() is not really explained in the commit message. But looking into the libcap-ng sources it's to initialize the internal state of the library. But with recent libcap-ng commit [1] (which some bleeding edge distros - like Fedora rawhide - already picked up) the function has been marked as 'warn unused result'. Well, check for its retval then. 1: https://github.com/stevegrubb/libcap-ng/commit/a0743c335c9a16a2fda9b25120a55... Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/lxc/lxc_container.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 21220661f7..4c37fcd012 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1725,7 +1725,13 @@ static int lxcContainerDropCapabilities(virDomainDef *def, CAP_SYSLOG, CAP_WAKE_ALARM}; - capng_get_caps_process(); + /* Init the internal state of capng */ + if ((ret = capng_get_caps_process()) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Failed to get current process capabilities %1$d"), + ret); + return -1; + } /* Make sure we drop everything if required by the user */ if (policy == VIR_DOMAIN_CAPABILITIES_POLICY_DENY) -- 2.41.0
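Review bot: The new virReportError() message in lxcContainerDropCapabilities() runs the text straight into the number ("Failed to get current process capabilities %1$d"); put a ':' before %1$d so the value reads as an error code. The hunk also assigns the capng result to `ret`, whose declaration is outside the visible lines; check that storing it there does not overwrite a value the function relies on later, or use a dedicated local for the libcap-ng return code.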

Inside of virSetUIDGIDWithCaps() there's a naked call to capng_apply(), i.e. without any retval check. This is potentially dangerous as capng_apply() may fail. Do the check and report an error. This also fixes the build on bleeding edge distros - like Fedora rawhide - where the function is declared with 'warn unused result' [1]. 1: https://github.com/stevegrubb/libcap-ng/commit/a0743c335c9a16a2fda9b25120a55... Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/util/virutil.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/util/virutil.c b/src/util/virutil.c index b5b65fb415..edc39b981f 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -1200,8 +1200,12 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups, * do this if we failed to get the capability above, so ignore the * return value. */ - if (!need_setpcap) - capng_apply(CAPNG_SELECT_BOUNDS); + if (!need_setpcap && + (capng_ret = capng_apply(CAPNG_SELECT_BOUNDS)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("cannot apply process capabilities %1$d"), capng_ret); + return -1; + } /* Drop the caps that allow setuid/gid (unless they were requested) */ if (need_setgid) -- 2.41.0
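Review bot: The context comment directly above the changed condition still ends with "so ignore the return value", which no longer matches the code now that a failing capng_apply(CAPNG_SELECT_BOUNDS) makes virSetUIDGIDWithCaps() return -1; update that comment in the same patch. The message "cannot apply process capabilities %1$d" also needs a ':' before the code, and since `capng_ret` and the rest of the function are outside the visible lines, confirm the new early return matches how the function's other error paths exit.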

On a Monday in 2023, Michal Privoznik wrote:
There's a commit inside of (yet-unreleased) libcap-ng which marks some functions as 'warned unused result'. Fedora rawhide already picked up the commit, but since we are not checking for all retvals we got a build failure on rawhide.
https://src.fedoraproject.org/rpms/libcap-ng/c/fed9b23c8d0020e07c937a3ac0d6d...
Green pipeline:
https://gitlab.com/MichalPrivoznik/libvirt/-/pipelines/999435445
Michal Prívozník (2):
  lxc_container: Check retval of capng_get_caps_process()
  virutil: Check retval of capng_apply()

 src/lxc/lxc_container.c | 8 +++++++-
 src/util/virutil.c      | 8 ++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

Please add a separating ':' between "capabilities" and the number, as we do elsewhere when printing capng's error codes.

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano

On Mon, Sep 11, 2023 at 12:18:28PM +0200, Michal Privoznik wrote:
There's a commit inside of (yet-unreleased) libcap-ng which marks some functions as 'warned unused result'. Fedora rawhide already picked up the commit, but since we are not checking for all retvals we got a build failure on rawhide.
https://src.fedoraproject.org/rpms/libcap-ng/c/fed9b23c8d0020e07c937a3ac0d6d...
Green pipeline:
https://gitlab.com/MichalPrivoznik/libvirt/-/pipelines/999435445
Michal Prívozník (2):
  lxc_container: Check retval of capng_get_caps_process()
  virutil: Check retval of capng_apply()

Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

Checking return values is nicer anyway.

 src/lxc/lxc_container.c | 8 +++++++-
 src/util/virutil.c      | 8 ++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

-- 
2.41.0