diff -ru a/src/cap-ng.c b/src/cap-ng.c
--- a/src/cap-ng.c
+++ b/src/cap-ng.c
@@ -46,7 +46,7 @@
 #endif
 # define hidden __attribute__ ((visibility ("hidden")))
-int last_cap hidden = -1;
+unsigned int last_cap hidden = 0;
 /*
 * Some milestones of when things became available:
 * 2.6.24 kernel XATTR_NAME_CAPS
@@ -65,7 +65,7 @@
 // Local defines
 #define MASK(x) (1U << (x))
 #ifdef PR_CAPBSET_DROP
-#define UPPER_MASK ~(unsigned)((~0U)<<(last_cap-31))
+#define UPPER_MASK ~((~0U)<<(last_cap-31))
 #else
 // For v1 systems UPPER_MASK will never be used
 #define UPPER_MASK (unsigned)(~0U)
@@ -73,7 +73,7 @@
 // Re-define cap_valid so its uniform between V1 and V3
 #undef cap_valid
-#define cap_valid(x) ((x) <= (unsigned int)last_cap)
+#define cap_valid(x) ((x) <= last_cap)
 // If we don't have the xattr library, then we can't
 // compile-in file system capabilities
@@ -174,6 +174,26 @@
 #ifdef HAVE_PTHREAD_H
 pthread_atfork(NULL, NULL, deinit);
 #endif
+ // Detect last cap
+ if (last_cap == 0) {
+ int fd;
+
+ fd = open("/proc/sys/kernel/cap_last_cap", O_RDONLY);
+ if (fd >= 0) {
+ char buf[8];
+ int num = read(fd, buf, sizeof(buf) - 1);
+ if (num > 0) {
+ buf[num] = 0;
+ errno = 0;
+ unsigned int val = strtoul(buf, NULL, 10);
+ if (errno == 0)
+ last_cap = val;
+ }
+ close(fd);
+ }
+ if (last_cap == 0)
+ last_cap = CAP_LAST_CAP;
+ }
 }
 static void init(void)
@@ -199,26 +219,6 @@
 #else
 m.hdr.pid = (unsigned)getpid();
 #endif
- // Detect last cap
- if (last_cap == -1) {
- int fd;
-
- fd = open("/proc/sys/kernel/cap_last_cap", O_RDONLY);
- if (fd >= 0) {
- char buf[8];
- int num = read(fd, buf, sizeof(buf) - 1);
- if (num > 0) {
- buf[num] = 0;
- errno = 0;
- int val = strtoul(buf, NULL, 10);
- if (errno == 0)
- last_cap = val;
- }
- close(fd);
- }
- if (last_cap == -1)
- last_cap = CAP_LAST_CAP;
- }
 m.state = CAPNG_ALLOCATED;
 }
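Review bot: In the `@@ -65,7 +65,7 @@` hunk of src/cap-ng.c, the new `UPPER_MASK` shifts by `last_cap-31` on an unsigned value, so the count wraps to a very large number whenever `last_cap` is below 31, including the initial 0 before detection has run, and a shift by the type width or more is undefined in C. Assuming a 32-bit `unsigned`, the expression is only defined for 31 <= last_cap <= 62. The old signed form had the same gap with negative counts, so this is not a regression, but the commit rewrites the line without closing it. I would record the precondition next to the macro, e.g. `// UPPER_MASK is only defined for 31 <= last_cap <= 62`, and have the code that assigns `last_cap` enforce that range.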
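Review bot: In the `@@ -174,6 +174,26 @@` hunk, the number parsed from /proc/sys/kernel/cap_last_cap is stored in `last_cap` with no validation beyond `errno`: `strtoul` gets a NULL end pointer, its `unsigned long` result is narrowed to `unsigned int`, and there is no upper bound. `last_cap` then feeds `cap_valid()`, the `UPPER_MASK` shift and the `i <= last_cap` loops, so an unexpected value (for instance from a /proc that is not the kernel's own, which may be possible in some container or chroot setups) would widen what the library accepts as a valid capability index. I would parse into `unsigned long val` with a `char *end`, and assign only under `if (errno == 0 && end != buf && val <= MAX_SUPPORTED_CAP)`, where MAX_SUPPORTED_CAP is a placeholder for the highest index the bitmap code can represent. The enclosing function starts before the hunk, so whether it always runs before another thread reads `last_cap` cannot be confirmed from here.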
@@ -478,7 +478,7 @@
 if (CAPNG_INHERITABLE & type)
 v1_update(action, capability, &m.data.v1.inheritable);
 } else {
- int idx;
+ unsigned int idx;
 if (capability > 31) {
 idx = capability>>5;
@@ -545,7 +545,7 @@
 memcpy(&state, &m, sizeof(state)); /* save state */
 capng_get_caps_process();
 if (capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
- int i;
+ unsigned int i;
 memcpy(&m, &state, sizeof(m)); /* restore state */
 rc = 0;
 for (i=0; i <= last_cap && rc == 0; i++)
@@ -602,7 +602,7 @@
 #ifndef VFS_CAP_U32
 return -1;
 #else
- int rc, size;
+ int rc, size = 0;
 struct vfs_cap_data filedata;
 struct stat buf;
@@ -1010,7 +1010,7 @@
 char *capng_print_caps_text(capng_print_t where, capng_type_t which)
 {
- int i, once = 0, cnt = 0;
+ unsigned int i, once = 0, cnt = 0;
 char *ptr = NULL;
 if (m.state < CAPNG_INIT)
diff -ru a/src/lookup_table.c b/src/lookup_table.c
--- a/src/lookup_table.c
+++ b/src/lookup_table.c
@@ -29,10 +29,10 @@
 #define hidden __attribute__ ((visibility ("hidden")))
-extern int last_cap hidden;
+extern unsigned int last_cap hidden;
 #undef cap_valid
-#define cap_valid(x) ((x) <= (unsigned int)last_cap)
+#define cap_valid(x) ((x) <= last_cap)
 struct transtab {
diff -ru a/src/test/lib_test.c b/src/test/lib_test.c
--- a/src/test/lib_test.c
+++ b/src/test/lib_test.c
@@ -29,7 +29,7 @@
 #include
 #include
-int get_last_cap(void)
+static unsigned int get_last_cap(void)
 {
 int fd;
@@ -41,17 +41,19 @@
 int num = read(fd, buf, sizeof(buf));
 if (num > 0) {
 errno = 0;
- int val = strtoul(buf, NULL, 10);
+ unsigned int val = strtoul(buf, NULL, 10);
 if (errno == 0)
 return val;
 }
+ close(fd);
 }
 return CAP_LAST_CAP;
 }
 int main(void)
 {
- int rc, i, len, last = get_last_cap();
+ int rc;
+ unsigned int i, len, last = get_last_cap();
 char *text;
 void *saved;
@@ -127,7 +129,7 @@
 abort();
 }
 name = capng_capability_to_name(i);
- if (name == NULL) {
+ if (name == NULL) {
 printf("Failed converting capability %d to name\n", i);
 abort();
 }
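Review bot: In src/lookup_table.c the `extern unsigned int last_cap hidden;` declaration and the `cap_valid` macro are hand-copied from src/cap-ng.c, so the compiler cannot check that the declaration still matches the definition, and this commit has to change both files in lockstep. A type mismatch between the two would be undefined behaviour that no diagnostic catches. Moving the `hidden` define, the `last_cap` declaration and `cap_valid` into one private header included by both files would remove that risk. Short of that, a comment such as `// must match the definition in cap-ng.c` on the extern line documents the coupling.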
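Review bot: In the `@@ -41,17 +41,19 @@` hunk of src/test/lib_test.c, the added `close(fd);` is reached only when parsing fails, because `return val;` on the success path leaves the function first and the descriptor stays open. The same function hands `buf` to `strtoul` without terminating it: it reads `sizeof(buf)` bytes and never writes a NUL, unlike the copy of this code in src/cap-ng.c. I would change the call to `read(fd, buf, sizeof(buf) - 1)`, add `buf[num] = 0;` before `errno = 0;`, and move `close(fd);` to directly after the `read`. With `i` now `unsigned int` in `main`, the `%d` in the `printf` shown in the last hunk should become `%u`. The lines of get_last_cap between the `@@ -29,7 +29,7 @@` hunk and this one are not shown.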