tree-wide: have_effective_cap() may return negative errno

1 files changed, 13 insertions, 3 deletions

diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c
index b9147fbd78..4fbc5e877e 100644
--- a/src/sysext/sysext.c
+++ b/src/sysext/sysext.c
@@ -153,8 +153,12 @@ static int unmerge(void) {
 }
 
 static int verb_unmerge(int argc, char **argv, void *userdata) {
+        int r;
 
-        if (!have_effective_cap(CAP_SYS_ADMIN))
+        r = have_effective_cap(CAP_SYS_ADMIN);
+        if (r < 0)
+                return log_error_errno(r, "Failed to check if we have enough privileges: %m");
+        if (r == 0)
                 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Need to be privileged.");
 
         return unmerge();
@@ -761,7 +765,10 @@ static int verb_merge(int argc, char **argv, void *userdata) {
         _cleanup_(hashmap_freep) Hashmap *images = NULL;
         int r;
 
-        if (!have_effective_cap(CAP_SYS_ADMIN))
+        r = have_effective_cap(CAP_SYS_ADMIN);
+        if (r < 0)
+                return log_error_errno(r, "Failed to check if we have enough privileges: %m");
+        if (r == 0)
                 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Need to be privileged.");
 
         r = image_discover_and_read_metadata(&images);
@@ -796,7 +803,10 @@ static int verb_refresh(int argc, char **argv, void *userdata) {
         _cleanup_(hashmap_freep) Hashmap *images = NULL;
         int r;
 
-        if (!have_effective_cap(CAP_SYS_ADMIN))
+        r = have_effective_cap(CAP_SYS_ADMIN);
+        if (r < 0)
+                return log_error_errno(r, "Failed to check if we have enough privileges: %m");
+        if (r == 0)
                 return log_error_errno(SYNTHETIC_ERRNO(EPERM), "Need to be privileged.");
 
         r = image_discover_and_read_metadata(&images);