diff options
author | Pavlina Moravcova Varekova <pmoravco@redhat.com> | 2018-11-29 13:01:29 +0100 |
---|---|---|
committer | Pavlina Moravcova Varekova <pmoravco@redhat.com> | 2018-11-29 13:01:29 +0100 |
commit | ad8c12c5d962c136232d6309d3324a4e57b32877 (patch) | |
tree | a4707df7f7893a228ebbe2e7562d80ec912a0b88 /lib/verify.c | |
parent | 4ebce1eed2d2e9b7220dda750a04451a0a08441d (diff) | |
download | rpm-ad8c12c5d962c136232d6309d3324a4e57b32877.tar.gz |
Distinguish empty and no capabilities in RPM verification
The original file capability verification in rpm incorrectly assumed
empty capabilities equals no capabilities, now we differentiate
between the two and report it in verification. Related to #585.
Diffstat (limited to 'lib/verify.c')
-rw-r--r-- | lib/verify.c | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/lib/verify.c b/lib/verify.c index 97b4dfc13..d58454a00 100644 --- a/lib/verify.c +++ b/lib/verify.c @@ -207,21 +207,15 @@ rpmVerifyAttrs rpmfilesVerify(rpmfiles fi, int ix, rpmVerifyAttrs omitMask) #if WITH_CAP if (flags & RPMVERIFY_CAPS) { - /* - * Empty capability set ("=") is not exactly the same as no - * capabilities at all but suffices for now... - */ - cap_t cap, fcap; - cap = cap_from_text(rpmfilesFCaps(fi, ix)); - if (!cap) { - cap = cap_from_text("="); - } - fcap = cap_get_file(fn); - if (!fcap) { - fcap = cap_from_text("="); - } - - if (cap_compare(cap, fcap) != 0) + cap_t cap = NULL; + cap_t fcap = cap_get_file(fn); + const char *captext = rpmfilesFCaps(fi, ix); + + /* captext "" means no capability */ + if (captext && captext[0]) + cap = cap_from_text(captext); + + if ((fcap || cap) && (cap_compare(cap, fcap) != 0)) vfy |= RPMVERIFY_CAPS; cap_free(fcap); |